hxxps://latinxvoces[.]org/pp/authtryn[.]html#Ym9iLnJvc3NAY29uZHVlbnQuY29t

General

Target

https://latinxvoces.org/pp/authtryn.html#Ym9iLnJvc3NAY29uZHVlbnQuY29t

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7034240d1aa9d801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30976282"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "290360456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30976282"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "290360456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3CDDB5DA-150D-11ED-BFB6-DECCB8C75E47} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ecbea742cdd51744a22318f0bb77b68200000000020000000000106600000001000020000000fa79be2ddf96de114ce01773d9af3e938bc5d48ed20db772a192a6c0fc2a5f16000000000e800000000200002000000006a000fb5af4e59c68c6ab58e2076e89533d9649761078f9a11ef4b6f32c37a22000000005b9431472ae09a6546d7bbc127fbb3055b70950abe06017641a53e7cc5bdff140000000539703a3bf8ee28f40cdf04e0b8c8d2efc59bd3d8a507cb883c60b642174a214fd4f5a9dcf0a7d4e23888a8a46fa19f03117fae1ad313cd7c61b4b2916a7888b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

428 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

428 iexplore.exe
428 iexplore.exe
4908 IEXPLORE.EXE
4908 IEXPLORE.EXE
4908 IEXPLORE.EXE
4908 IEXPLORE.EXE

pid	process
428	iexplore.exe

pid	process
428	iexplore.exe
428	iexplore.exe
4908	IEXPLORE.EXE
4908	IEXPLORE.EXE
4908	IEXPLORE.EXE
4908	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 428 wrote to memory of 4908	428	iexplore.exe	IEXPLORE.EXE
PID 428 wrote to memory of 4908	428	iexplore.exe	IEXPLORE.EXE
PID 428 wrote to memory of 4908	428	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://latinxvoces.org/pp/authtryn.html#Ym9iLnJvc3NAY29uZHVlbnQuY29t
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:428

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:428 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4908

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\37zaxn3\imagestore.dat
Filesize
18KB

MD5
9ee9850ad46812f50014de1a3baac558

SHA1
13a98b83083404ee3bb416a69f150a1634ea43e5

SHA256
46e6c9cf38db2108a959422af852a027463d34063aa0431b9fda0621b9ac540d

SHA512
1360e7dec3df9f2495711a507d1dd323613f9f01ae00592044576eca16e2a2408ccccbe83bdac4db84856f09f968f4ff654f52e7a373deb4a87267b6719dd1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\37zaxn3\imagestore.dat
Filesize
36KB

MD5
b9b6b63534d17393e6bc3cbe9c881079

SHA1
ac642bc4e5c0388b0d172c8ab303e4eef620c686

SHA256
13f26e701a02402cbcaa041f683f3fa5c07f570ad26c232aae3c86800f34dec5

SHA512
8b4cc06e8fb366fe3e7933ff84bf79e18ceadf9e4897ed9a27749842e0e1f963a9b7b9b2fe898aaeb1ef1f8fece3845d7b614015c3d630bbdc4b3269424ca138

Download Submit

Analysis

Sharing