hxxp://int[.]vaicore[.]site

Analysis

max time kernel
149s
max time network
147s
platform
windows7_x64
resource
win7-20220414-en
submitted
29-06-2022 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://int.vaicore.site

Score

10^/10

google phishing

Malware Config

Signatures

Detected google phishing page
phishing google

Modifies Internet Explorer settings 1 TTPs 52 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{138E4941-F7C6-11EC-A45D-66E616BC8074} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.int.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000850f07ecb424934d8f5a48a59e73cec00000000002000000000010660000000100002000000081d31aa1d7bcb4946283aeebbf58a2ac95abd1e14a43cf1ad4d2796d0b4c9a6d000000000e80000000020000200000007b0155bf278739854d3413f5be9f2124c74217b0ada3dcdaec275f181d91eb9500040000fb3004cfafbe8d2502f7c7bd6b9af49ff3aecf18d452495392752d06e172d322958dd89ab9fe8a894a15be3f3932286747c13efa305f4cc3192074e2d0715c4d70dd27c40d81e728d69a5bbb8980451609bf26882353e5b6cec51b36231f11988a612960ac67f591af422201d3de3fec4c86870fdfc9356f29e17df66788b170d88f8593c3505334f222c20d0b5e541b3c2a4b974131581d16771c7c91c1a45eb020622ba608cf217e8b68343e8593fa758fa4dc2c82513b8a43de1c2f51b355da6bfdf43d368084f5c03915ff9ef5e3376008de5e57c52813be16d198947dc51df326b1d7ea92242bc8e890be5ef36b9cacb6737cb523a0f5d2d68f54695b6373d7f2e7c3518526fff9515ee309b84ffd97000020c64ced7b99d0e716870b93e5b55f6ba3eec6e14bf4f7519445e220ee7c39dd98fbfe673bb62998323d9d6ee4de31ba774255419d8493f678f93ded7fe24a53cddeca403b9588bed8f9d8cfae6ef3fca54dbbbb17e8db898278055f11a507e88d6a1213cc3f8ae4bb68c819f8e7a16d22733327c50beb625f71ec04ad609b56ec589ea56525e14057547991975fa353be7450438aef697c1d91c195071590d7ad08bbd50ba950182b76712f64d0aff08fd69368a806e9fe12ea015bf203b92de23abc20efb7810307ae640121d4759db2900cfe7e1bd528b8393ceb30a629effafbe3d8683178d78e14fb61ab74bd508e8e0075a4d00db7787ce311dd60eca55343034bca3d511933932058e23806699e8439e24360007f3b47c8c7be2ee53c568a851fd682564d8dc0c60d29b75b75d311605331074272803a519de068540e962c5503223c2c472852bfea23ae57ac2d2e1a5fdef1727e50e225b26a22d5269e9b5caae43e859f58d8ea165d4fb33feb07d7fb9dcc49ca421c6952e7e67a2d6c346da6b90fbbc1039827012f4b21b59b4ce5b2cc95776238844b64e311b508b2d6009fb0a0f2164da87787811955e6503523ba7ba500b4e4d7e1c3e87c6f6055e3a1f09ba28b9da553a3f07c0d39ffe758b65e718ed96dfabed50d8e74bc1ad17b411cf71aafa73d8ed6dfa4dbf97a993880db337d7a22a275a62f80846151fb6fce37e2d4794d0ddac461e8ffd9430d1b33906d105c9b29e3d45ad2d2551ddb96bdfaad31e6ed4af8f347fab3dbda41f16277244825c388b948862bbda61c13937190bcd5bb1d2ec722dd738e45206a23903a4a44bcc58644df03b3ad54472cf961f2ef78e5a92bd01b7be64d27da6a332ec7de662b4586eea52a82e175bebf66f3ae0d2eed5f06d27b64f7926b3194d0a1e3c631522616de6d30488bfdf5196213494fabd77ac8b4f76e9f279123305e3e710014db30f323a2ba165cee02f2c70e2ec6a70f75b7a6e97ee70f03b2005af621d65a11e8282673499eeb4b3da3d3b1434c0af9d5a17d4c8a40000000b703d3b338f5dfce4f236e314600244e622207e4d64674cabbe4e80c55fbf7204af0b82fa1f1c69f9d5f09a02e486e4f7fa5c96f2ef08a81423b1da290677c38	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000850f07ecb424934d8f5a48a59e73cec0000000000200000000001066000000010000200000005cb8c30413b4b06a50fc656be41e80950484f45459b5f35f3e45afa15ea8af04000000000e8000000002000020000000505aa0a0d3b3d9e3fa8ec54a555aebb2a120a48145051406630834d72951961290000000b3aad0b172512146858b35259bd4f3cc04c905a2723c908fb683ae22130e2ffe1c4eb67f6bc1653bf0eae6c8ae31810673743b0519158c48da914b02c8b1bca894fcb737897a1fd73dff1469777b9a35902e7070c95750bfa579d8f0d5c0038aa91aaabfa3a57a1d93bbb617b712069a032f5d732c74c05c094f121b6028bd7ee04511166745dd5dae968440d6e2858f40000000c8b0b4ed15e82d5b12c0c5718330a715aa016acac6a93915ed76b3bfa5e02232de6c3421b72b8ae401e8ab65cb700de71dbce7eadca320a7ccc8fac6c009c61e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage\int.com\Total = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage\int.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.int.com\ = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000850f07ecb424934d8f5a48a59e73cec00000000002000000000010660000000100002000000071782be182d44c8b4d37d0d3190689de62d77180c20ccfa492d37ddc3e7a916c000000000e8000000002000020000000ef68b7141bd563788f2f92766e97efca6a5e12d877585956dd6302c98c709f20d0010000ddeea5bca7d49abdea52975f236db1496985e048f2ccc5adc754cd1e3fe77c9368f5b17178c151b3ec1768dccd248f07e1e0661bd00a9f01f164da8a5000328b133759fcc19f038a40ce7cbf15a4dca4eaece050cd83d87bf93734ea8d910f73e5580d592ed7bff56616c1811bf298f0c1f70c32e50c7aaf5192b1fc3084bf13aff800dd0addc0c8f7eafbd9e749f3f98ed9f9bdd922288e7a3aeb536fd641cebe3cf29fab8c2de1875785b5532ab5d7a03c92d20fe33ff3e29916b0c0f62d5fa2e09a4d9e6890265c8b97991cefefce5a30c9ea4f4021367dc6db7b08eb695d309794f64b51f36612f59ddc29b9b7fd47657f2a30190fd0376c64d7c633b3fa3bf3ed5965753986612d86660a5e4da872bf8583f63ea1e08cd96b2daa35a715bd0b1810770954d3ef94ce7eeadfdbab7a033448cfc4a611c247a0094b285eb2279d2d0fc824676bdcc3272f7bb159845a80c2dc1ab1860c97a345137a20bea3d80afe5bd4736a4279eb79c6a8282e41883047726947ab7206fdd4fa95c7aa03c760e22951db592deadedfce89dc53e9e13a6db1cf1b595786151b9c1eb05c1062ec6aa064f157508b5f13132f86f5e622222c95ecd325c7285fad8e85932691c39861ad7d4295ad9ee3684add6271a740000000cbee2a9fa890dae24259c9b63c6cbb464f3fc9b941acf1506283c946a7c88ca42a102908e14f16eb59f4261a011baafff1df8b3ec6a9bbf3da6a24bbbc8cc68d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90b228edd28bd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000850f07ecb424934d8f5a48a59e73cec000000000020000000000106600000001000020000000d491634f4991f29dcfdd0ce9303b7a5f5a50935bb1950dcce88d6c9c2e3ddf36000000000e800000000200002000000074bab101e30f3e43e4475d8ca58ba32ae4e051d93915a644ece28fda99afe43e200000006aa8cd65ef2d840a7e27c3225f6baf7315cb8e9ff5ce73148f956a705a992ad2400000006e73cf3c835750fcbe77608ad307650167af84bedc0ca8c18364db850437ff50acd2e2dad783ba576fe4348f763fc5df3f55971457d7fcb0e1e1650e8edf82e8	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000850f07ecb424934d8f5a48a59e73cec000000000020000000000106600000001000020000000b8822c5e495a348cadcd2d7dae5c7f5611456fa86d91a4b50751521bb01992fc000000000e8000000002000020000000d0e7b502b0879880cc7060bb824b0614ee110ef36a5c0ed6e1d35ab058eabd92600200005eb8675ce6099a22f8c8db0562c2c502f6e07a933bd3bfaec53871a35c33611fb400479d8011798c3e38c441c50a78068fe3ea47f8676de41286296fcc9e4c9cb234db57e1ca8b274f9e33b0251e78707e7e89188a33995bfa44c85121a1ec0c8f418bae1299d09455c5ddffe29080be718bc04f8b2bc4d4598dc0e9dea5344574fc4b3f3ae68e3a62f03f440ce901bb7a2303ea7553af699caf0e82cc0158cd984d2bd54ca9a4fdcc88d7eaed4be5f3b92b3cc6d7fe98ed630d216c5e214646074d524dd8d8d10414c914d0a831b899361c51dbe022a4dcdf3ec6924a3d07f7c3f6563bc6c48c916f3a84bb23555caf5b85fb51da250851318bca218dae1addb744825ef2b6bc13d3fcfaaae8b87b8cf29f4ec4c580478a6614e497e080e30a270182c1bb6748a5dd66f4d0d620accae0c3acfcd029aa6a365a63e59e46666ceb08175faed4fd6634933d65c960f4bad8e81a9254f308c991c9da9366941c4761903a4d18fee63799660a447abeab8fb28673af17b7122dbf89a6320fd26e1bcd7c8b4b2602da6a3ddd9353e5033b0564f4445cf5e38e83c910ddb99e6ef926cda4797a79a93866438128779abd439985d31e244a50fd6719ce1f27c1a97764dff10c97cc2884c94d7c5c3ac61331cd27d927fc2eb8f5d465110cf9ba89051dad87553bf7a2d6a810bf8873a76326553853b4ad5749a307b2fc039d97a4ead096a9cb26ff9fdc1dc13bf7a20ed96e0a43a6cc943291ef9fed15e92fef559c48a245724334b95e46888084b8f51014b9ed9e1f466af53f545d89ad10a0171a4ee2b11e7bea97f655a3ee41c82105f637a722a93bff567415e15c7cd9b87f6b74400000006af731935744c13fc00bee8a031f82711e10765267b2ebd86866154b8f0c8944bd7021497e17fcda16c3f2ac159a23092bacdfff3192ca74c2788834665dc932	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000850f07ecb424934d8f5a48a59e73cec0000000000200000000001066000000010000200000004b1db22863f64a13cd9164cc179a8afb714dc33e35705d6d562497c55aba5a5c000000000e8000000002000020000000ebc09ae0539e57a72e54d6027ea6a36d1c4cc6ce75dd39c0991c51bc774f3668600200002116d5891ac6058732ac6931556a31409a1a4f3dca9f663f2a1170016742138c27910b08889c12ab116d59c15279e6d2a082af681e9dc58e0f320e78ba3aad805253b6ede4e82cab4241f1391069482ff0aec7f1560ab257fef1734f7b9a75f79dfe4470831a04d379001a2246d752bebe0babbc7c70d7398bbc13938e044bacdd93b53066042852d7d29ecc8416f0047e1a48444c11cf4f4870bf5492da647c41c80cac030f4988d0f2dbb478058b82d6c61cf1d6c16f9f154710df0837b4312bf6892667b06610cdbc63f785a7659f1264f6ee229bc56ca6efc35557ac48592a78912db82d485594f37814daa35e004826ec85d513309ddc4734c0a91beb71e75e141d4881290b43ab899107b2583b92044c55cee510c8cc3ef54a5c445bf6e776352012a894fd4857e40676469ce93316a3ebad6ef33f6c37a0c5080a016dfbaf72fb30312d118aaa80373e33c98c83e204378fcbe11d5dfdeab36d588a0b7f9e0bdbc11609694bfcfe47c321c7a6c55cbd10d9e21c975a08e3c386d04d7448055cadb0b38a15f5abd69dc7d8d29652f03f329856e3758c56f32d6551ce8238dd1b9141dfa7fdc8ace9c17ece8cca544d54692b01cebe098ecc1957f9bf3b1d0e0054dff16113e1812874b7f218c3296159fdbfba99d9edbab0fe58ac6b126aae64ee4030f4b0fdb5b01974bdce252c6a49d8644f5843ca1406dce67ea84983b668d0ef8aa55084c485dd0b19877a90aae328a5d5b2884e181db573075c9b7f6e8fabc95cf436551abba783c0c23e5b145ed6ce8d11bc791dc48bf46c377d62eca5a25a737143a43cadd05f426c45d45245c477f84e6b7b5bf7aeede64fdf400000008320f1fda5b0517ecdc1e36bf69b0194fa49cb692d33751b21f6539aa6e10f999f2e27ca43c913068647dd0d348741d6e4cd59da5aab660eb19944a39242692f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "363284040"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage\int.com\Total = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.int.com\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000850f07ecb424934d8f5a48a59e73cec000000000020000000000106600000001000020000000a827b3e3e13e27b9193219d4b39940ff748fa9ec828b26bfc936e54b788ed717000000000e800000000200002000000092aea471884b4748e86849f2ad191a2a108a07637739343facc85406e8e31402f000000026050c0d4e116e092f716a9aabe9ec53ce96d9e9f435f5d65e422790724128ff2d4690573fb4a286450b6a02f61dc5c95ed048c4a49f6818b95ed5437f94580e793fcfc955d2d8fb12aa6c68730f1b9acdb0f60d6ccca15910bce94a7bff00504006788fc25e1071345c8877ea9e9fddc08e990cefbcc2d9e43dc53e17c7ed2c10eaaf9b17ef6e9193420bf0144ededcd8bf1c1796f0763182abe47b860cc46b1c11474b4f1f3c2b5a6c86ec9585d3fd890cc987ee5f4f7ea7950a40b64404f520df0eeed1f0d3c0ae30f6a1bf7e178b6e1b49ec135a7b11b694d5452b2848a152cf57300570a8627d10c8932e77d03140000000f66d675ae4fbb4909a5e45c059895f7e57a286cb9a99b526da8e351245842a5ffffcc81d7f6fb230469ff0d8af65a0604de0c8e8baa88bac419c5f9160f89ece	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DOMStorage\int.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

1664 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1664 iexplore.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1664 iexplore.exe
1664 iexplore.exe
2016 IEXPLORE.EXE
2016 IEXPLORE.EXE
2016 IEXPLORE.EXE
2016 IEXPLORE.EXE
1664 iexplore.exe
1664 iexplore.exe

pid	process
1664	iexplore.exe

pid	process
1664	iexplore.exe

pid	process
1664	iexplore.exe
1664	iexplore.exe
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE
2016	IEXPLORE.EXE
1664	iexplore.exe
1664	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1664 wrote to memory of 2016	1664	iexplore.exe	IEXPLORE.EXE
PID 1664 wrote to memory of 2016	1664	iexplore.exe	IEXPLORE.EXE
PID 1664 wrote to memory of 2016	1664	iexplore.exe	IEXPLORE.EXE
PID 1664 wrote to memory of 2016	1664	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://int.vaicore.site
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1664

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2016

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
Filesize
1KB

MD5
03ccc54d64964650500ce38f0e6249f9

SHA1
3463ac3f42b3700b21e34cafbad6f3c7a1ea0b8e

SHA256
abf31bf5e2a5bf024144a6e904b6fc6a8e046c7679c7b9a91399fc462763268d

SHA512
25e5d541ced9d301f879d454a34f6633802a66e5cc350213c72e13a5ece6ba891274a3f83f1bcf6e20f50d66084b95fd89f06e51abcaca685f3bcdb9e2fdfb77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
Filesize
404B

MD5
3c5c58108cfd4402cd4255b017df6e46

SHA1
3568515507f142617615291f095de9a7f4fa07b0

SHA256
a7eebdc12fbebe9e414094c76515f4fd9a08e4b928f74c719b9b586063f44d8d

SHA512
0e963b281f434121418c085c537648022b35387e6eae11d7599b1485b20e7893e3ce23fbc5347d2184479eb9472beeb88a0f4b47d03398d8282c2ed527f23ffd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
53de81555d824e73f592794c8d4a99f9

SHA1
1674e8d28aa0b8cc1f220f34fa2c8366bb1e4391

SHA256
3f9f4175d825ffed03103bdb5f106444189b37c8e8598561a2b44916bfa058a1

SHA512
3a7b8b66e7dbec51a636bc1f8ccb30573e64261e96ab3d05812e9bad584b581595143eb88465831649158164b89032ca07b23d7e79d2498952d0084b6e91b10b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9os4y76\imagestore.dat
Filesize
12KB

MD5
ff549cb86015ea24874c1c1744c70256

SHA1
e8e3c0c28e243dfc8405019f65c46294cba6dc44

SHA256
6de81cd27c5b3d4e68789cdfc8209b316e6041a0d7d55d0deae317a6f1c81d91

SHA512
6f5608fabfeba3e4acbbe2a750549321ca9b4098e2743e0f2f7a3bfce07521903fce5b4a3f1a8ad91c22eb0207069487dda01ef408d894fd65e59cf791238dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9os4y76\imagestore.dat
Filesize
12KB

MD5
ff549cb86015ea24874c1c1744c70256

SHA1
e8e3c0c28e243dfc8405019f65c46294cba6dc44

SHA256
6de81cd27c5b3d4e68789cdfc8209b316e6041a0d7d55d0deae317a6f1c81d91

SHA512
6f5608fabfeba3e4acbbe2a750549321ca9b4098e2743e0f2f7a3bfce07521903fce5b4a3f1a8ad91c22eb0207069487dda01ef408d894fd65e59cf791238dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9os4y76\imagestore.dat
Filesize
18KB

MD5
e8a0e5e88f7d0309079c25bd36848e95

SHA1
9eff2b469afad11c37d9cc9042b3ebb29623f6e8

SHA256
b6a347181b4d5997ef014b53a13f4465a8bafa4e5cba90ef2296ed31fc17d82d

SHA512
1086c5d95671aa167dba4225842c780d9fe13c12896f8de76deeae71a8d3358830e7b7e015ccb4f1d2acb80d9ffb3c6f27a896c818365eeb9b5f3243dc6a5f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9os4y76\imagestore.dat
Filesize
19KB

MD5
91b0b92901d4916593236d23fe72e88c

SHA1
d68ff96e9901053744e936b53356a70212592422

SHA256
9ba2f7ce62af37ecf1f917cc56a01d8085186f969ed627cb397f0347ef6148fd

SHA512
d59d95c7e371857ce6aea820e0e25e662db6e86995975d3eb066a7c6590ba5329659fbc8f12c019ca0fa4d9ea89d088640bfa1b74997a18f42a6c91f168a3b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YM59SHP3\favicon[2].ico
Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4JQTBA9B.txt
Filesize
604B

MD5
eff85af9b35748a6015a2c72310c3822

SHA1
6a73594e590de90badfa6cdb70c3e0c6b8b6d5b8

SHA256
b1e55282bf2e420bcf68cb02a3bf1226f4f49bf60c2d5e74fc56530a577a87f2

SHA512
a20d3117705981fbe0284bf23c25caa4cd62236d86a5c802b60f2f6ef64cb0fb9289ece3ff5a22050a737eb9e1c071f2234afc0c8c318270c5e171ff9d92e3a8

Download Submit