f174c68b154208b758b0ac5b00caebcc8bbe191ec113eccb82fd795344d15dec

General

Target

V-Msg090.htm
Size

465B
MD5

48ef4483d15652bc547599b731de5d6f
SHA1

d210aebbd1ef0105751c034993e055cbf282cc05
SHA256

f174c68b154208b758b0ac5b00caebcc8bbe191ec113eccb82fd795344d15dec
SHA512

2001f33b8e1864a31109a9e1c98a665e44427d359c9198fe7e06d31805df71cb192dad562d3c9af121fcf405ded277ee333ee18dc103d44b4d2eadf96f191d6b

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Modifies Internet Explorer settings 1 TTPs 57 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "64"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30975864"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\periodent.com.mx\ = "103"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "64"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "284"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "128"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0faf5eb78a7d801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\periodent.com.mx\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30975864"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "284"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3983773235"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\periodent.com.mx\Total = "103"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4045023541"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{18303A37-136C-11ED-BE0E-FAC7192405C0} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3983773235"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "284"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30975864"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "64"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000010d8f139cb8c084e8de38914d087aaf400000000020000000000106600000001000020000000da16ce1658ac11f2f7bd8809de901ea260f197b706f79875c6693e3f9332b3cb000000000e80000000020000200000003267c5b4969d0076c4432748a00c690489fde8405a4e75fe820eaadbc4c0e68620000000d3771bfbac57242e1740b85846c0aa967a76bc09884a6ac94a7771a75b7fb37c40000000198a0da60984df1ae28646c3cea5ded93133ebe3c71377fad9d4fa577b5a6c31891c9bf140e79a5bc8a126d23caa89b1b2df641b8a6cd7ee6780bfe93196148c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "366324032"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\Software\Microsoft\Internet Explorer\DOMStorage\periodent.com.mx	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3463845317-933582289-45817732-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

4328 iexplore.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

4328 iexplore.exe
4328 iexplore.exe
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE
2144 IEXPLORE.EXE

pid	process
4328	iexplore.exe

pid	process
4328	iexplore.exe
4328	iexplore.exe
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 4328 wrote to memory of 2144	4328	iexplore.exe	IEXPLORE.EXE
PID 4328 wrote to memory of 2144	4328	iexplore.exe	IEXPLORE.EXE
PID 4328 wrote to memory of 2144	4328	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\V-Msg090.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4328

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4328 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2144

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wmsuct2\imagestore.dat
Filesize
18KB

MD5
1eebdf179c4ff54f930a916d12dd0fc2

SHA1
0f9676bc43b74eeae390fbf333a4d7f887b375fe

SHA256
19c591b219c3f3ab5fe181cc87f247be1d899abda62c18f7f7a7e99deace2773

SHA512
6ab18708b1aa6a6d577c6304ffc45260891d192568b6b24b4021b8daf030b19796dc90a20c3397ceed32f35d7a3d57092a5b080dfc99475442fdb47660cd9567

Download Submit

Analysis

Sharing