hxxps://telegra[.]ph/Important-document-05-24

Resubmissions

24-05-2022 08:39

220524-kkanxagda8 5

24-05-2022 08:15

220524-j5q1ysgcc8 10

Analysis

max time kernel
225s
max time network
252s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-05-2022 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://telegra.ph/Important-document-05-24

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook
Detected potential entity reuse from brand microsoft.
phishing microsoft

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000aeaf91a8c01232660402ad32b0332a745348ede45218d71c998b730b6fe81bd9000000000e80000000020000200000008ada21034a3b8d9035274387646fed3fd6ba5701706cf4f0ed72d246378a88e35000000095cf01240de843cc54986715f9a95eb45b78e70e7cad294b9ff0fe578f718d448425d0311a0cabf6044e9633258ea1c53f10f8ffd86d15eae55350e4ada8508cb5cee2d9623f7d80aa7e2860fa27d2b840000000e127d58088ebfeafad7e164fc784e1f511c16dbbe47478d0b5e2d1bc1182c775c75d9584e525577caf2ff79471abf7668079c0d2fcdfc7da4c0c29f6972095c1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1191427313"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1202852683"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 109c4f95576fd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1003df62576fd801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 509fdf62576fd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7293A54B-DB4A-11EC-AC67-FA63415F8E77} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1191427313"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\IntelliForms\AskUser = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c8af47576fd801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000996ab1d920e0c1bfe3aabee697162708b14dbcb52df6f95ffdb040973b1b5f22000000000e800000000200002000000023027723b2bc6242cb05031d4dd5b4f49257a10fdb4c6489a449149b87ff6a7b200000000ac4f2224011dcc3d88fb8b5385b6054a4be0666206feac114ca6db88e30c93b4000000049b8c20856d2303332d0aa7f9c08045b9d19dbd04ccca3428d4b93a00826693e6c1e1a06e7e1684e175d0dfb27ad38d80031221e5b9b3d9140ccb216507d2ce7	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Version = "5"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000662057e0ee8ee8ffd67c7279e37c62a7975fc0b59ef2ac5dd5cead311677fb11000000000e8000000002000020000000131287d2e77ec11338d83032e04240982e4bab7d08adcc89cb12ca403502473f20000000a97347403e18cee429852f6f527a53d004819feeedbaf293039217619413c3aa40000000cc852d13ab9aa60a54aeebcfbc5a17f441e7f45956140591725f05a9d3770ad60ff10de9002605dae287b7fc8fba3a60d3688a2343020a42f2e86c3e11f14462	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e80979576fd801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000535b37de1e3b17860850ad499bd3569e022ca35932891ee2994490031dcc92a8000000000e800000000200002000000049e88bf75a24d475981bd9fd7bd7d64d3eb8189516c24d62d1d399c4e950cb462000000045e7f6d3f7d67ff2574562ebcea26807602da55155b3745837aeccae1543417740000000925aee0740c2a2bef8c49d61729578250ca83d11634725cb25bc59a227e0722a0f1d1088b7b8f4fa5de036734a342060a3a9ea2a8bf4e192d8599fdc606b58ac	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\User Preferences	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\User Preferences\2BB20B33B4171CDAAB6469225AE6A582ED33D7B488 = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000a3f107444036e80d247f8b18ae84d28ca5c5b6c0f94987de2480fede05002e54000000000e8000000002000020000000a28f1c3a146be345ee984dd3846366873ba1cfc281c712c8c361dfe51abb6bf510000000f9de88c0d8645ce831f9280635bb22924000000046df3476ccea99128cad6d181e3dda632fb79bcfbf386347c3ee567c9705ddecf3bb40214f625957e41072bc4766a3c85f0847a81eab7f26c9aad1af20cc3309	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e04b1447576fd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30961495"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1464532642"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000d1868dca0e814d2535b0ff864d170a76d837cca7de577594e5813fbdbeb07dd5000000000e80000000020000200000008c430e6a4d2080bf0262c0406641410207616a39ece5c6a39cf04a560c03122420000000a2a854b0bb3ecec6316bee878e9a8930b0c4e3e8d67be2384d7dba6bde63cee340000000b6cbe4310a36ace9b219c821b097dab131a612d081354f0b84efac9a87ef3960064df2469a2883cc3928c342afa1b864a4bee3210e2045c472d91a0623d74f3e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = f982cdb29d50d801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b0915000000000200000000001066000000010000200000008f76938e7e91d702a4a09a13343920efeff5460db98138a6fb5d82fe1ccbbf69000000000e80000000020000200000000099626b60e51fc98e08893ad570428eb2d308c5f77c0b45cba5a8c5d6b462bc200000006b0494fcb3d5633dc595466fdf6d4a9fadcad185aa92084d672972e06ce0d6de400000008a23ce850903e4980dd23560d1f5fe697459d16729171bece8115067a1b20a18ffc3f0b945cfa84c4cba3b351901892e7b66cddf9c7fa9f75ce473dbe92b7ab7	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30961495"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "360152309"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE

Modifies registry class 1 IoCs

Processes:

iexplore.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings iexplore.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

iexplore.exe

pid process

4680 iexplore.exe
4680 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

4680 iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings	iexplore.exe

Suspicious use of SetWindowsHookEx 42 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
4680	iexplore.exe
4680	iexplore.exe
1236	IEXPLORE.EXE
1236	IEXPLORE.EXE
1236	IEXPLORE.EXE
1236	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 4680 wrote to memory of 1236	4680	iexplore.exe	IEXPLORE.EXE
PID 4680 wrote to memory of 1236	4680	iexplore.exe	IEXPLORE.EXE
PID 4680 wrote to memory of 1236	4680	iexplore.exe	IEXPLORE.EXE
PID 4680 wrote to memory of 756	4680	iexplore.exe	IEXPLORE.EXE
PID 4680 wrote to memory of 756	4680	iexplore.exe	IEXPLORE.EXE
PID 4680 wrote to memory of 756	4680	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://telegra.ph/Important-document-05-24
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4680

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4680 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4680 CREDAT:17414 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:756

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
Filesize
1KB

MD5
072f65462640dba30c97f2291ed9e5e2

SHA1
4a0f211dea0969b961ec9b55e23c23588d811d21

SHA256
37ebee95068a13b2b8649ca81afb2475e3c71b4c7d9e6adeb90cd7f9d59d804f

SHA512
fe6483e55a807263c986f4c4060d8543b3793da655fbcc05d34c9a3093f5f0c145d458c139efeaebb1808d68ff03260df53e798fbbdeafd4de0a7e6d44cc056c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
250ae6beaa18d24f978ab61ff194f33f

SHA1
18d3eec1d9dcb5fe0d4fb4244cbabe8078959d9a

SHA256
8e8a63116aca846f76b38433c211a33c55c0d14d21d22e83503a18a826527bc7

SHA512
b4135b9f09c039fdfe0d053642fe24c2f70050cf17369fe6e80b969de629b0cc6c7734b4f1590eeafa4f8559ee0e7506bc36055bd37b6cfbf376d4e4dd2e1d12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
Filesize
434B

MD5
fb505e7e65e36b20f10ffa99b0b5cf93

SHA1
01fb7c12a14d1224cf66794f409d89e4614ebe5c

SHA256
8d2e8434cfae8da8d29337ed07daa69196ecffeaf6cf7d65773c9394e450a5dc

SHA512
df1d6edc1ec22b7e2d0dc53ecdefc0bdf0e64f840ea99515fb264bd4721f52fe3c8e126ecef01d95f72d912fbc58f5feb6b31f50406f54496d8e709956f1f66d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
434B

MD5
01264f698ded3345a2cd3d41a931b61f

SHA1
d4ee0b27eba7bad3e9605098d1b87617acfeb00f

SHA256
4a7a0def23d07f3e3fb81b42286ca5a7d6bf0143cb6d22130bd693337d28de5b

SHA512
c8bc927a18c983db2770a2d3884bd65cfb2932c37d2562f740ef319660b2a8ba6858ad3f2d2d221bdb17fe1f5363d39ad96496527fb0b4dcd56835b929ecbeab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2klo80q\imagestore.dat
Filesize
290B

MD5
739211b26714136a7f2a9d7289adae7e

SHA1
e4bfaf8805b6c2ac6fd0549dc40c07ca15495fd0

SHA256
9508b20c82865e9b180d6b9fb66dec80396badb804236e76af25b297cafd6fed

SHA512
72aaac0a6b47c8c276e15d332743fc0e6a2f929d1c87c54c43a9325c66b8a9584f2c76134ba8661012c7083c9f22fa90a4015c3a3565a6df8fde29b529ef498e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2klo80q\imagestore.dat
Filesize
18KB

MD5
d615ca0f900f3dc5940779ef719ed828

SHA1
e45c5ad955c02a5c8359b48b97f3204f85cb8abb

SHA256
d733691f18896098e9779cb12942a766549572b1396a86a0eae4038b35a51b1c

SHA512
0d3af1c3f53f6aae9699719259aa2077096f9448bf23a60dc338352a4e7c441aa9ded884f1564976f25b1672a433c5d7d8a0e409997cbff981db43d10b5262ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2klo80q\imagestore.dat
Filesize
22KB

MD5
237c31faf7b44c04bf7672f43c3bfe93

SHA1
9a051b5a7ec16a09323c817d080d77370146b3b1

SHA256
fa6acf55999fe00997840ee77bcc4226ef9744f74f872fa364daf00324947a8d

SHA512
46e00bc2c7a060cbbbbe25e1c92eb81f666482b832633b681a6ec4a39931fbf826eb47a3d5c71606cc049371ed1b23c4253de88db15b0e25b06ada92d593d3ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2klo80q\imagestore.dat
Filesize
40KB

MD5
a3f1a2279933a91dd3e5b66e41a914fc

SHA1
4b0392e848a886a7235045dbf4e7b777e8c4e193

SHA256
3f0a499f39c72ab981c086d54eeafa98f6ec09297ecb83aea2ef7619cbd78150

SHA512
6560999c57b49f5493e18bf0c34fbde6aa864e43df78ff19b4ed2d77e0e6af421a9eba47166c5d5b5be6ecfeffe2f9300a2bc38f37ff3b6f66b4456abbb4fb63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2klo80q\imagestore.dat
Filesize
57KB

MD5
215e1816ed4548a4600c39c001e9ff5c

SHA1
e49d531d17c2ba03d7551a7127084376042a57d6

SHA256
efffb4322fb9299ea8ce8d4b88a7b3bdc4a21da8a92aba28d30aafe9f05dcfb4

SHA512
268f1f02fbe94a3e92c0c38a84d5a9bb1f4bc86b6bdb0446f17fbb3d613a4171241cd8b4248c853a369708b7bcbc691d2f80bff0d69e82bbf58ca33b29c84df8

Download Submit