hxxp://0[.]0[.]0[.]0

General

Target

http://0.0.0.0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\User Preferences	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURLFallback = "http://www.bing.com/favicon.ico"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2351439355"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30969971"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30335a8c7390d801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6D30782-FC66-11EC-A996-D21BD5563B90} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30969971"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconURL = "http://www.bing.com/favicon.ico"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTSuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IENTSS"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\URL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30969971"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a0091452196c9542a15fe3a68c7168450000000002000000000010660000000100002000000092036d678ec070dd0d11a9483e19f0b3fa92c1d42877339cc7b4e1a3161ef27f000000000e800000000200002000000087e9d6366937f569160ccba3e603db0462656559d71377b5662034abd5d3fbe6200000007a97311ac199e97d0260c90bbe91e75e21043cded6c62ea06ba71f79b857953840000000bd6dc3318a4810f3015042931815122608ee562229e0541e7695af184572da81ad1fe829c7b718685526f39669543c25d15b2480c6dd378f7236c04fd2ce5c21	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\Version = "5"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTTopResultURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTTR"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoURL = "http://go.microsoft.com/fwlink/?LinkID=403856&language={language}&scale={scalelevel}&contrast={contrast}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2351439355"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTURL = "http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IENTSR"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "363792838"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "363809433"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURL = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a9638c7390d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "363841424"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 7cdd8ca08c50d801	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\NTLogoPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\User Preferences\3DB9590C4C4C26C4CCBDD94ECAD790359708C3267B = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a0091452196c9542a15fe3a68c71684500000000020000000000106600000001000020000000122e5bf8c4777dff2dccf908beba998e2a32a49b24c06fa312fe8819d04c2cc7000000000e8000000002000020000000a2a9524bd33cf2d11ed72afdb9b36d6a8daeadd1877bc69fbe657822ef6f39e7500000001934746000658439ab514dfec103d7fd56eb5f9d9a7df4fc45b7ec0be6c88577b9f75b025c5a49b072d3cb904b55b5bf18de1a3437eab9d6ba02c45191e156c933eee3ef94a1bd49fab2cd5eac2f04dc400000008470f67a4be2b243d6020843685932bb3a876770da8117308118e9f9ef753bf6c8dc1fecd041135a689832b5eaa4c4072ad00f38dad662275f2cde694625a1c3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a0091452196c9542a15fe3a68c71684500000000020000000000106600000001000020000000816697893030485b00c59903a782c231f3f295de8d1c0ea1524af62d9ca8278e000000000e80000000020000200000004462ea94e118c2e37244fc2e3328f0fed26a31ed5d5e9670f2b68027487228af200000000e9828d148b9f254853e6a4c261217a2e742f274369f30d3b9606325367c796040000000e027fd3fece9d32cf3479b71694d2a413e16fd429c329ed60ca123fef495d0649d6379d2ee3b277a39ed52cb6a32425871cbeb5bde9fffc4cf91f7f1f6adfbc0	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2357376981"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2357376981"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4236190499-842014725-259441995-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}"	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

2636 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2636 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2636 iexplore.exe
2636 iexplore.exe
2696 IEXPLORE.EXE
2696 IEXPLORE.EXE
2696 IEXPLORE.EXE
2696 IEXPLORE.EXE

pid	process
2636	iexplore.exe

pid	process
2636	iexplore.exe

pid	process
2636	iexplore.exe
2636	iexplore.exe
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2636 wrote to memory of 2696	2636	iexplore.exe	IEXPLORE.EXE
PID 2636 wrote to memory of 2696	2636	iexplore.exe	IEXPLORE.EXE
PID 2636 wrote to memory of 2696	2636	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://0.0.0.0
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2696

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
831399867695e8e2e44f24eb7b73313c

SHA1
403e123384b3ba656e3e1cd3815dad4a1664b224

SHA256
833cb46e5f4be363e955f5f3fcd655f1e610d5e33b0ae6c83a714ebfc9723f8c

SHA512
17e637f6508aaa1589cde6e4d9e230b6dc02256c2bf1d0dddeea7958496b57582944e1d9fd17b323573f3214f73c99dbf4455cb7ba00075605a498749725ff16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
434B

MD5
4432d9268520c2ee7354fc4e91c89642

SHA1
3b57b22961d56d8c1007e52be4aaa8b5acf5f211

SHA256
72da5feba43823ae4f932a42141391bba45d84765441320d8f8936534fd5c28b

SHA512
04fc350afe570e540ad45c24d1761b85f47e91800a04224f6801d8026db7c8d00e0efe86c8940a202a9fd9f4bb39a2b32e35dd57503a3adcb503f114ae14f554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\0CZAFMAL.cookie
Filesize
244B

MD5
15fdbcd83d5381434d2e975bb5873845

SHA1
ce31317fc1534ad9b73a491defca8c52eb37b7d5

SHA256
0ec65c20105d5a328e47c957963e2726707fa2d62f15907d6aef3e4d6a5cf230

SHA512
5dcf17fabc1b253f7c8f0514fe2d10cc078438efc54028f802d3cade6f8bd8fb6cd21710f18d84c37eb80339517be7f7d73e60cca5e46930cae152b43bf2a361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\J5JZXTXY.cookie
Filesize
615B

MD5
f07238ec16605d81b896ffe255a61d3e

SHA1
0f3b17edaa0378a1ef206eeabbb452f9f3a6813e

SHA256
917d1e512dde9aef97dda721862cb3b8185a017c42773e5119994379f4025343

SHA512
ee60b0abac07ed24753df6cf3c1eb8b2d5a47acf73642c0b7d6a17d171575fbde6229ff010bfad39abe962bf697cadb64613f37cce79cfbc8014c31d5776fd98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\OG7EL12P.cookie
Filesize
615B

MD5
bffa6e019c77172dc50bfac3d9700552

SHA1
bf718c4bf386ec450170ac18321d25b0fa996357

SHA256
6cc7da9c9fed904da4589d71dddf08ac20eda5493d1fbdab2caa7ca88c9c294f

SHA512
fbeaab5e6cde54a178593f5075651bd1525283f254d6bd3c7968cbedeee3cd9a43a359c975014a29a6c7f40324cc36ac40ff0363842a535e424b8c66f1411187

Download Submit

Resubmissions

Analysis

Sharing