f045592284747c6075e70ba621e0b08dcac3e58f6abadc4b240397a773a78324

General

Target

f045592284747c6075e70ba621e0b08dcac3e58f6abadc4b240397a773a78324.html
Size

1KB
MD5

4ff92d57a2e459f68465cabd85f0488c
SHA1

d8de37ba8f835a4ea61dcb1559e3191426ffbfed
SHA256

f045592284747c6075e70ba621e0b08dcac3e58f6abadc4b240397a773a78324
SHA512

77b2f5ec4716eae00039135626aed6b8680a3bb597a53f724a7024595805dc183cd5e6970c91be79c56c40bece80531b3a9d18d33df91f66d92162703feb825f

Score

10^/10

facebook phishing

Malware Config

Signatures

Detected facebook phishing page
phishing facebook

Modifies Internet Explorer settings 1 TTPs 56 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\effervescence-records.com\Total = "21"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3616483698"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3660858356"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.effervescence-records.com\ = "6"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\effervescence-records.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "21"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30961598"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.effervescence-records.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30961598"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30961598"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{02BCE96D-DBB2-11EC-A58B-C6557A73C573} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3616483698"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\effervescence-records.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\effervescence-records.com\Total = "6"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d058bddebe6fd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.effervescence-records.com\ = "21"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000792bd49dd38128f2f4f3e21ef73375c9c01235b1fdc0f9da3c73243cd0f2c4d0000000000e800000000200002000000042f652bc98fcfeebd811dba9b532236d0b9ff016867dffde0f126ee8dfc0493c2000000023c2a667b603d114873322f57df586fdad79642ec86e2c19b36e1e30f8d6c0de4000000003957d635006d1e7b86c1c565987c2d990b404c31d05cbde5bfc6334ab857e312b92be10da788c30f821d05331d3c8b5eba0f109094e22c114d107f9b2217b34	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "360196793"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0b562debe6fd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.effervescence-records.com\ = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043099a93b0a2dd41b22bfbb30670caee00000000020000000000106600000001000020000000eda679dee1295f7975e58bfa4f928d9ab37ddb1337f4231caa46202784b54262000000000e80000000020000200000008357c57a29bd7fd1b80ea195adf500bd016a66447aa827f9d9de3650708407df200000009e18564c02f718df2cadecaad37ebe2bad33ed1984e83cb300bf8322bbe031834000000042c1e1ef1177e67c783f586e1078f5b24af3f1a4b7247639f4f0c6b84a7dc1e48ec21ad8e6efeb5cc44c7774e704923cf94f9541f74fb0243b086e28ae6f70e3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\effervescence-records.com\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\DOMStorage\effervescence-records.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

3424 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3424 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3424 iexplore.exe
3424 iexplore.exe
5008 IEXPLORE.EXE
5008 IEXPLORE.EXE
5008 IEXPLORE.EXE
5008 IEXPLORE.EXE

pid	process
3424	iexplore.exe

pid	process
3424	iexplore.exe

pid	process
3424	iexplore.exe
3424	iexplore.exe
5008	IEXPLORE.EXE
5008	IEXPLORE.EXE
5008	IEXPLORE.EXE
5008	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3424 wrote to memory of 5008	3424	iexplore.exe	IEXPLORE.EXE
PID 3424 wrote to memory of 5008	3424	iexplore.exe	IEXPLORE.EXE
PID 3424 wrote to memory of 5008	3424	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f045592284747c6075e70ba621e0b08dcac3e58f6abadc4b240397a773a78324.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3424

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3424 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5008

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
3c94b790a4d3d3813b9804b360811c02

SHA1
9b42bca99be723330c45b22abb0698f77ef8077a

SHA256
7bc88a561babff736195edc916e12556d4a870e9dc94e649adff7d6859468d93

SHA512
594410b019fde2552e456bf87934eab332c73d5a1c73c3fac27886bb2c8f2b2c174acb0fa5f67b40a4b41339cff713b239eab680c6dd7aab00aacaf8e38538b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
404B

MD5
8defd9cd2460a87eef7a88633cef60a3

SHA1
b68b89114fc7d8dfdcf87dd26c6bfb0d8c71cbb0

SHA256
bc8322f4ab23cde57d1d46c53d5b67417c4db8623b31f1eb85a1c02a5b6066f2

SHA512
6559924e51d736c5507e76801c45e754283c167fd1d783a63645c1075a0c21800fee299e9a1611cbf3bef48a5e7c77ae7580b2de2f0182eae59714da8dc1cdbd

Download Submit

Analysis

Sharing