hxxps://www[.]frontrush[.]com/FR_Web_App/Message/MessageTracking[.]aspx?code=ODYzOTUxNTsyNjM3ODcyODtSOzgxOTc7TA==-f+lhm4TMRSg=&redir=hxxp://8023[.]vgGUpdEBLV[.]hmctech[.]com[.]br/?=hans_vrijsen@goodyear[.]com

General

Target

https://www.frontrush.com/FR_Web_App/Message/MessageTracking.aspx?code=ODYzOTUxNTsyNjM3ODcyODtSOzgxOTc7TA==-f+lhm4TMRSg=&redir=http://8023.vgGUpdEBLV.hmctech.com.br/?=hans_vrijsen@goodyear.com

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0c5d86ac3a8d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005fbcd10b409412459e4a784628514125000000000200000000001066000000010000200000005ca77eec48e07e32de720d9baa818e7f8fb27caf1bac2457195587e0bb52f619000000000e800000000200002000000094a1cb32070dd0992dd53fbee81a5f043f9b81d2a6383e40854c46f87a7f389520000000b4c9d565e577dd9a167f673cbca379a90a32b016bc7bd8b3db44d9633f6a39f440000000bf0d221f499a70afc7b40f29132d7f3e903755f0eaecf6d2136b28ec9b8190cc753e60b03e24a4ec4e2780f1590829d99730935dfe21823ac985e46011fc707b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8FB28471-14B6-11ED-8C39-CAA3FC863E06} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005fbcd10b409412459e4a784628514125000000000200000000001066000000010000200000001255d7cb75e63945d380e3c5fe01fa822ff95f0d4b3ea9af6bb1e452c395e0cc000000000e8000000002000020000000527932ed8b494cd6fd9b289ea515272863664e92642a8451bd81acf836da7ec790000000e0fdb223d51a281642fca3ea778ea002b744a587dfc30a8f63c78ed5d4e653817fd8be94a4f584e8b7d7658407f5ede21181b28e909d003144bf1153d1ce9afe5f20f41ae1515a9efe1c888240957882101c2e675ea8a5f8f9c3e6f963072cc9a2f739b44e4edf971d82e26681f34b54d88c958d4f0f8c5432ca60c8b187b747b503a79541a01f21003b98bdf3b3ebf2400000009e50650fcf25402598ff5e1077c57d46d209295e8da208cdb3020fa1eb50405be88a8e5a98db7ad72fb940a862b88b08e03935f705ed61a8bacae93c5e279f29	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "366465960"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

iexplore.exe

pid process

1964 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1964 iexplore.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
1964	iexplore.exe
1964	iexplore.exe
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1964 wrote to memory of 1336	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 1336	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 1336	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 1336	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 1920	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 1920	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 1920	1964	iexplore.exe	IEXPLORE.EXE
PID 1964 wrote to memory of 1920	1964	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.frontrush.com/FR_Web_App/Message/MessageTracking.aspx?code=ODYzOTUxNTsyNjM3ODcyODtSOzgxOTc7TA==-f+lhm4TMRSg=&redir=http://8023.vgGUpdEBLV.hmctech.com.br/?=hans_vrijsen@goodyear.com
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:1586187 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1920

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
340B

MD5
627627c3dfbfe05cecc1d2958bd53e17

SHA1
1cc42acfcd887aa83302e21ea0ffa08dd136cecb

SHA256
273bc7648969e82abfd38a8e47f8634600eae282d215616d1db2a5399428a69f

SHA512
3385d7762a98effd32c406e2abed7c8585e2a7b6744638905e13a5297d84e3e5dc6c88eb77e4ec0d63880ba703d6da12889043c90e37d35ddf98321753c423dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8TDH2362.txt
Filesize
608B

MD5
ef481c5701156b54071d24e9157ee74d

SHA1
2ecbd2b2e465eebe24e66813b611ff4762e681f3

SHA256
75e6c1ad1550fa47ba01feebed07a622ba9cd0eb3f9c0b47f99e45f762e696d2

SHA512
a2b1e94b1b52e121bae35f6d539edf37a0bfc7148fc26372dd9c06df02ab8f7ee0e56abf4b15c17a41b46ee0717b8a17a789cdc0277ebab3ca9f9ac2813fd172

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads