hxxp://fhpg[.]rionprinting[.]com/ei-xmi#8iGtJyJo2/nCNaYWakCWvy4lkGCQwsLNmfMSvHw2Ccc=

Resubmissions

23-05-2022 13:47

220523-q3yrcadgb6 10

23-05-2022 13:44

220523-q15f4sdga7 10

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220414-de
submitted
23-05-2022 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fhpg.rionprinting.com/ei-xmi#8iGtJyJo2/nCNaYWakCWvy4lkGCQwsLNmfMSvHw2Ccc=

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "575454073"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 106dba3bbc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6040c440bc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000663008208b6a730f3155bbd6749223e4f65d3e8f8b8b0ff93b23f58a0f02f8c9000000000e80000000020000200000003446567a95ca8fcf4ab053cd42103b0e0e64448a612e0b1deb337883aa844440200000006d89994c3ca6f144ca3932e7caa2c4a6cb3eed5c8478d8b0d785e721ec3ea105400000004f43e127bbb08d1333f2bdd2d4adafb66803e1fd46ef46e5bc8cc9145752a3d0fbc82bda134bd93381b84345162b24e3b95e046b1cd8d6dd077bfd8e407ff2af	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c025f24abc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8046824dbc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000ef6f4d89e9cbfc7ed62d8c52ba4ceb67c9371c55df09dacedb1a526e53ae8472000000000e8000000002000020000000f2774176088a073b4ae1c60d0a721418d1277ac2f4911d7bdc3e293cbf5a7629200000004c94db3549ed0c723981ade254fef769d1d207a0245a9c296169616534c61851400000002ab3151996779233d44cec473c2533cc778a24cc47aef9cb950a53dbfe61bcf0c1ed654c588aac411aab46c211b3bf4e26d1b8787a458185674ef01296353d6f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a01e861fbc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d35b5fbc6ed801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30961340"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000d7764e37bfdb3a80c8592da8aef28b3c6a7caf3e9ad3f6781112293d2373e8f7000000000e80000000020000200000001a410bd896bf08c40d96b1c514b57ca7e5d3dbae36580efa4dc35e5f00bd75162000000086ca79c31bc5fccd50fdcc7166c000051c0bee549176c1ff4f2d1df7aa12e79d4000000095a1df2705cd5b215a3fa8b011596377bfd980acfc98f060cc1aa40c286bbcb1c74291ed22782d1a04be2ab6d4d13f929a4cbcf85bd8430af51535e6c8bec52f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee000000000200000000001066000000010000200000000cc857da37e82db888ad9c42e0c41b8171cb7a17aa434f63d6d6a2ce178f6b82000000000e8000000002000020000000b6710de942db8b31160e0437b38664d1e13fabcdd2f8530c3b21907894cad10620000000fcbac90d25b23b474077cd43e39e3776eb3ac079ba698d1b05ecbe32dba1ea8a4000000088074abe83db78b943adfbd7433cb902654cc85410f4391b0333e3890cf9133eee7c17b9a4446f22b90333e026e98f0f82bb6a33b0c6b3beb62cf93e47f176ea	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee0000000002000000000010660000000100002000000012697e9bded8457450768e213e59ee7b4801b26a8f9eace0d9bc87118ac4c84d000000000e8000000002000020000000d71fcd3bbc7bf5024dc83b234d50bb0807921dd44b6f8df0c54643a5ffb979372000000012da96778b1203d00e675d20c4c0407aff33af39c5110e16a7d65b8169d7a46640000000388ceb6bb81ee9f2c46b8555af988149d117af3dc15d332d2f79f6ee01e56fad0579f0d5b1bf08d8ef786594cc2e0b3b6e74c01b928ba7dd1f66e2ef2ab77cd2	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000c4a75a131dfb3a5d6eadcb3de8b3292d7b8cf54c548edf97e83b3a5e75f7e84b000000000e80000000020000200000005d6c2d502d1be2de6dc98fa70702ec095de9eb81a20557cc224eb9c8dd1a7e7e20000000404c4bdbedd291c8869c4cb80ca58e44a5df12b2474c0d8575e3069814e7fbea40000000b7f5b879ac97df70dc906ba25f3f5b1c2e30925413bbf4ab56b1b1482536a0649dcf6f87d5a9a3fe098efc6ce28677ff1c6aaaac59cc6c3663602fce465c3115	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a71718bc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000e913812f8c0e0cfbf36a5f083ddaf80301dac0fd7c52fdb46b95121d6b18106e000000000e8000000002000020000000dae0599a69bf037706ee152350d56d661cab50de1e1beb67c3e34fbb6b2cbd40200000001213dcadd4f1e217cc33d30497c38f7b49d8559c873d6a6ad55be3cff3d3c5c240000000e163d4c5fc63d8ba88cb3cfab0cd1317e0a1eba46de878174fc4f488a8fb311b64ae8c944f52582e7ed09f18302e12de0db15ae6264ff77461a4dc1086c3c8f6	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee000000000200000000001066000000010000200000006de6cdafbafab8f69fa4d7515a64484d7d029eb78bffd9f2e1298016b809fdcd000000000e8000000002000020000000820bfa430601bb26fa72a58b01e8c991763a84ee5ab685b1d218c017783fbec320000000a17daaaa9466c79608abe2ec782f0814ac211612a0f81ec692d366d5931a7a274000000045275dafd45ca4300dfeafbfd24c046ca48292af514413901e571d8121f8fbaf2f5ddfee15d0bc011487f534486e2a7700b3b15ad20650755051a99b5f986db6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00ad1650bc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b05cbe57bc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05be961bc6ed801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee000000000200000000001066000000010000200000007f7159eaf90f6751f9b93ab6a09087ee65ffcee501d9241e36dc220160bfd602000000000e8000000002000020000000f98315afa6c3ca4d064adce3d3b81fc9a95903b386d8ae17691959f6c484ff47200000005f1f73eb0afd3afccdb53c603c668a8f7c216d24db087f29120663d16207866440000000b96ecc5dfb4a01d7c06d2056321c54aef7e95c23a39678cd6985ca4f443cd6ef732c9b83bd91ddd5ce96984ce27fbd7dfa8a255cd0979f42e5a30563726dbbc6	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d022131dbc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000522da94406e363dfe0671d9c15650f7ef0ee62b30767a860995efc78fa84fc11000000000e8000000002000020000000067f98ff8148b8b5ed218ac89db0b7d1b638996c4287ed6bc73eeb6acf6348692000000052e622175c0d2b6412d99f4885a87e9c764418255b44a4cfcb32a0bb223c599d40000000432aec627e62c619da8c504fdd45a5418f20a92992d356308f775e3b438834f70de4b1e0afb0b5db60ad92a49aaa7a073ac0cb0d9c705fccdf762b8ffa8f1568	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000aef325c7682ba82857412ce31b19674f702527ac31b48ed72baf940fba3468a5000000000e800000000200002000000015b428fa45cf7c88cbc9d31c5a0b500a5311d92f310fbb170a0c3a9f44310f3720000000774b7b689645e77b5487c47d1afb214fc178071e641a9b83503705b80a0aff724000000065523e2b29e67134004ad2b4d9b9be665961c302e875208d851578390769a668f4e7201054a413ceb0ec3f89a7d544a260a73acfbc7d2d28ccf4299499197bfc	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000c52c453310b926fee455b2c106d568a019d50f0868a2cf421c1da110e109c7e1000000000e80000000020000200000002b802a4d53abf597e166e963ee4642b8e2dd63f2572793fa2cbe3c927c3b5aea2000000037f71a361b3913d534197f7fd4bf3f6c2707e789e3ba6059f63d04c9799f3c9340000000cc96f6055df2fa26ebab2e665316eba6d377d19b28b267c1ad42e3b079d1bdb8011f1cdb705fcc16c63995ea92c81285c7b09778d8649e86e9ba6931eae26d6e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20026915bc6ed801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4BD1E750-DAAF-11EC-A58C-7A7C89707FD5} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee000000000200000000001066000000010000200000000e1bc3e44f52d463ab8f17132bf0bad0c092e4305ab5867b042a5f1b6b379235000000000e800000000200002000000009a66658f5161fc346d77ec149208cf4efbdc7b2031ef8ebdf9607220f822107200000000f307d469b773c400a4cbec9ad9db5a0ab054c519dcd6e739494a511a08ade0c4000000055a7cc9242655eb1cfc3aeed3463ba3c9d46671453bf77018040584e6b6bd901f4c2191263cc74bfe0c0e63cf45457ec290efcaf358aa502d241b750b9c76722	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0184a3ebc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000b79aad931e76bde3865794901d56335ccbc5e3a2f2c15f359d090a41e314ff7f000000000e80000000020000200000005158ea2386fe2b766aacc907d20cf39852c03bbac782da9fa9d362c47f4316df200000003fc2df501735e388b77e9974802ffb104ecb9c320b1af7c7c51bb6e1408d8b6040000000702e2aa0eaea45232aa5b570da481265fdef1c5c944819fbf5d2bedc7d82991fa941cd193dcf105ad6cfd91a95f7a65d4d9374dd885f25b61e944491d71ea50e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20165664bc6ed801	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "543422644"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 805ff421bc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60842b27bc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0e12b2cbc6ed801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000d041b2022c071aee72d08ee905bf85695e70c54d477c651fbdc55cb11b247645000000000e8000000002000020000000c9ea3f4f1119c1569593123070092756a43cc53a178d6455bdfceac819a6757520000000ef316615eb808a3515bc4c124371e113f7fb67cfb694a67e305793ea1cf5857140000000dd6996e12d03244013517ab4a088dcff32e0136ab83f2338c6f40efb48bfbe0185aaff55d705fb7691104de9dfd9fce9056b953c96de6cb637a00cb261231d9a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee0000000002000000000010660000000100002000000022b539d8bad348a1710f2d13c93232d97065ec5001ef247f47910b3f90abdf0b000000000e8000000002000020000000c4f888fd6bc680f8552b029578f4a6157136184e36506510df4210160479ac4120000000f50988699ee9f95e2f98429224e5a21f287966fbec26cf079df449024db8b1f140000000b9b3c1cc8974133b10abd78c4007c073535cc40cbabcfe63329a50c8aa7ae3e504ffbd796cb5eae8d4dbd2bc810a92e8f10547ba766d5542d8804d195a4af1fb	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20df7c24bc6ed801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "360085674"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000614cba4e5180089a473757e1d5b5fb61d0af542a48446fd3fff3665ecf52ac2b000000000e800000000200002000000023bef7c4c491f3a91f42280905478bd8743cdfba7a224b5a65b47f7a82faec65200000006deff9d4b8e3042278c4c8f91f30308bb7777770e2532aa002d4d0be87a87848400000006786e7a6ea1445f1eaf1ddc0431328dc8856ceebd59ab116384aba612dc29716604bf66fae0285a9794e12d400b0f84fc0c45af9abc75c971f92d90c6c1ce6c7	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30961340"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\de-DE = "de-DE.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000dd6f6275cfcb0de363ff5bd9cc5cf58cd94a20958b3d7c4d9a3ced59e6925ec8000000000e8000000002000020000000820bb87e233515d8e74e578cf4b642e19a8fda3ed106756f8f00d2d8421dd79b200000002ed0a5a6722d0d0013a962f81f84e01d1bdf51c9311d27a1745392bb02de41c9400000008b2a71a514cdb5f06bc83a6f9fd43eb38955cdca6cb0313894d1a07c64deb44d4f34e0d85b85483a8379918c74f666cff053ea24ecd77a53fed8c6dce76b4fb4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ced245bc6ed801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80c0a352bc6ed801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707c2f39bc6ed801	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

4940 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

4940 iexplore.exe
4940 iexplore.exe
5028 IEXPLORE.EXE
5028 IEXPLORE.EXE
5028 IEXPLORE.EXE
5028 IEXPLORE.EXE

pid	process
4940	iexplore.exe

pid	process
4940	iexplore.exe
4940	iexplore.exe
5028	IEXPLORE.EXE
5028	IEXPLORE.EXE
5028	IEXPLORE.EXE
5028	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 4940 wrote to memory of 5028	4940	iexplore.exe	IEXPLORE.EXE
PID 4940 wrote to memory of 5028	4940	iexplore.exe	IEXPLORE.EXE
PID 4940 wrote to memory of 5028	4940	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://fhpg.rionprinting.com/ei-xmi#8iGtJyJo2/nCNaYWakCWvy4lkGCQwsLNmfMSvHw2Ccc=
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4940

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4940 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5028

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
250ae6beaa18d24f978ab61ff194f33f

SHA1
18d3eec1d9dcb5fe0d4fb4244cbabe8078959d9a

SHA256
8e8a63116aca846f76b38433c211a33c55c0d14d21d22e83503a18a826527bc7

SHA512
b4135b9f09c039fdfe0d053642fe24c2f70050cf17369fe6e80b969de629b0cc6c7734b4f1590eeafa4f8559ee0e7506bc36055bd37b6cfbf376d4e4dd2e1d12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
404B

MD5
1e03f105aafef09e58709efcb570546f

SHA1
0adbfbb4cc5ca8cd13237146e6ac0c2c985280ba

SHA256
5fa730daae195c9ace7ed5cbf87bbd90ce823b0f834c0951cc231cee0cafde67

SHA512
88190b2a15cd49280b0f610b2fde059856c5dae9068f2656a81be08a703e86fde6b5a81437c7b98d5e859d91377987148533b946d1720cf6a8df23a7a4347d88

Download Submit