hxxps://dicasdetransito[.]com/x[.]/FIXED/indx[.]php?webmail-std-en-us-suite&mail=&domain=

General

Target

https://dicasdetransito.com/x./FIXED/indx.php?webmail-std-en-us-suite&mail=&domain=

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B37B4700-034C-11ED-9674-D2F97027F5CF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "364551328"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000084542a0e2a7bb54d9ef6493aaf0b9e7600000000020000000000106600000001000020000000a142debcd05f1bb8962c01e7eb5c058fb87e5426239de4ea4d2f821567c3dcd6000000000e800000000200002000000004467251cdb895587419e1c1e6dce7232944cfa49f60cbf1d3c7c054c2654b4f90000000fc82a724105c5a5fda18a2816202ed2890dc945eebe872e14cdc97685fc09b74a29ef6e90738f568ac7a7441da7e3d96848ba8d537d6fb3652e94e2f3a5def1b8a7d4fac2689f66ca551d2ed2ab7e6a10f9125ef1550723a39e5679765abc6ece113869a2104890549773f3ceb88b0e508ed54e71d8370e08bed948c6d858ad57d37fcb8cba87bc92fbabff42d8edde240000000889f5834b958048fa21653c483de02607a230aa42a1d0cdf5665216caeb4ed4f5181e04298a19590930460565964a309bb7b44f2b22409e3ddb9940a58315498	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0a53daa5997d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000084542a0e2a7bb54d9ef6493aaf0b9e7600000000020000000000106600000001000020000000b6e360ce4d7d82f2d5d0a1fb9fce8a0fbb9e8850d1e2f7addeeba09aecb7959a000000000e8000000002000020000000cbe8b1ebc79886c9b424748a8307351790f1f1bc0d6583a92ef358d311db01c7200000006cb75a9ccc1caf076077c05af9855713d78e11a24068e17cca23d20b779e866540000000d8ca5ac5cd2c47277889f44fa1bed360f73b976e0223d48f5fe0af7544966e4b39976199576018f86a318fb19d71f48b3317a828f1860e99511a6a9c1d737a64	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1648 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1648 iexplore.exe
1648 iexplore.exe
940 IEXPLORE.EXE
940 IEXPLORE.EXE
940 IEXPLORE.EXE
940 IEXPLORE.EXE

pid	process
1648	iexplore.exe

pid	process
1648	iexplore.exe
1648	iexplore.exe
940	IEXPLORE.EXE
940	IEXPLORE.EXE
940	IEXPLORE.EXE
940	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1648 wrote to memory of 940	1648	iexplore.exe	IEXPLORE.EXE
PID 1648 wrote to memory of 940	1648	iexplore.exe	IEXPLORE.EXE
PID 1648 wrote to memory of 940	1648	iexplore.exe	IEXPLORE.EXE
PID 1648 wrote to memory of 940	1648	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://dicasdetransito.com/x./FIXED/indx.php?webmail-std-en-us-suite&mail=&domain=
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1648

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:940

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
384c8215766d5181c09a72838cc57e14

SHA1
2d91f9b137220068aff4f00163661fa3bfb27210

SHA256
0e6d0de506cde21e934c5182013fe023d26747f488704c8600fa0bbbdefa1b97

SHA512
ac0625126ff9506d77c026c4c7dc2195aa7478084d9d7960a29303ed7cc3b7d6dac8155e8f2bd9e7cb0d101e7fe7be6675b505626ee572fd874ee4c89231b9be

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N29IWXNM.txt
Filesize
607B

MD5
51d68ca107d070625cbcff0b3025a98b

SHA1
a1471712b39ec4f28839a68abbccecd8272a4fa2

SHA256
127c8fad85210e852231485b203405dc2f7737f79cb6fae2e3e4ecdb2c130752

SHA512
ec9661bb9f5f5855097a791b1fac39a25ee669b1e36755f4b798d1fe51591c87865a8298abf10efd37af73fbb2256930f0fead462f0fe4db663c16beb2cdbdea

Download Submit

Analysis

Sharing