hxxp://www[.]microsoft365[.]com/

Analysis

max time kernel
141s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2022 07:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.microsoft365.com/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30997887"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "124"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft.com\Total = "124"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d080517ffdd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.microsoft.com\ = "124"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043e2eb2e51ccf149ab640c8bdb0d790600000000020000000000106600000001000020000000d691d96260dabf496fbfda2db4b2156a89ae26839d3f675b6680c40e65440328000000000e80000000020000200000002a557ea9693393f508668f8d28f8d6659a579feab93ff71fccde16facd7bdc4b200000000d2f64dde9afd3e52c73389aa8dceb89ab1d4aa86bcbef43da790b1919e8382640000000b86bfef8c50ee8a39a6523ec6ac11bf59fcc25a870cf5222dcc958a4426ea0205cb993a9e5279b587e44169616a1453743d1c807120cd5b52db09518fae774df	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043e2eb2e51ccf149ab640c8bdb0d7906000000000200000000001066000000010000200000007602daed1925839284f261b79a8addae07d7385268d2566205df2f7fd73723ce000000000e8000000002000020000000b30f3ee9ea07419e5af87ae8c4ae1f1fbb16bad3b6ef0f723473821e2be3206ac0010000f41ebb505660595df4004fb5075d6bd2fbabac1e51af42f72fafe4fec7c2cae618a153af964a58f21d461927544eb64dbdc7fee87d78a7b6c5b27adf9cd63de6edd17de816b8bba1988af646c540176d33a5e34f0070f359a37e0fbf643e3e9838a565f70268a843b3c4185491042fa51713d166ae880bce3589737f574c1c245806acd26917f7b0d5536318a0ac3424275e976c53c590ca4c09fcb8ac89c2edb93a73b1ba277ff0f33433dbde158299e7683e206965129ed2e7ca3e205cc242869622958f70e12f53c016ff696e92037877401f33d844b4d88a3db8d77a719e46ac8510c619942dd7520bc97ee4b1b8b07542ae0174e9bb3ff9fc67dd81c62e5e34a4660f1d5e4491c173b66613e135caea367601a554af4825c777405ae2f3ed0a49ae3d3d2d6bedf6d74cfd7239b89670a4267152a8b62610263cd36c119e3bc57851c9c9da4d98070555f763e3f654cc914acfbf230d957d311c81a9e160b5a59a0539b12d14850dd37e2dd08d9dd7917f000eac68a6fbd3b3f4ba9287c70cf77adc7db9494661c8bab6d519cce4b4abc2b267570c32116e0ba32e63138b29ffbcbb968174ffb74fbd0d4e7af3e78db5733aa7cd01bd1585b1beb8713854400000004f235b4528c300c58915abccc8b4265a315084cb43d06e60bcf7bf7cfb4a8a2f9a77bace9c54a01e9ebe2da595337fe6777eee43c51b9fd7de52748e37c3f2c4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DOMStorage\microsoft365.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DOMStorage\microsoft.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d9d4627ffdd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft365.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1332248537"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1341155161"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7AE98CBC-6972-11ED-A0EE-CA596584895B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.microsoft365.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043e2eb2e51ccf149ab640c8bdb0d790600000000020000000000106600000001000020000000f8ce2b4c3e1cb9911c0374da5c569f2f0b9e03cff84d99c64668acb3ec768027000000000e8000000002000020000000cc0690cfcb91695d48d6a2a5eed65eb369099da57947286280236221d3e81f0e200000001b26ec9c79a78de7a0a3196ede7363dfc6c5bfd5578fec17dcc7e33ff0d163f740000000077b105971928d00e59b94ddedb11edf1dd38e4a6df5779e8ecb3bf54d51b00fc2a1c4d5f52e73fa9f87eff8524ce3faf2a381d2ddaab36a4b20532d61c3b87a	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30997887"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043e2eb2e51ccf149ab640c8bdb0d7906000000000200000000001066000000010000200000000542076fab316efeb5c38ec04552fcb0fa7b423c1a8893bcaee4267d350cd982000000000e8000000002000020000000783b070b5b2899d934df9f9bbf0ea81226535d044c5932808db21240e317ad05c001000070b6cbe254ba25789efbb3de749cd083e58637225805b1ea05e4fa50e8c5e1ff0220aad79c8c28483540f33c5b8727171ee631cc2879dac2aa41cfbcdb722b4927b55cf486493d8438bd8fae76578ed62a49f90051415a49d910fd5e4434a89e37ec1e3ad6f5970678e140cf30774eeb5043ced633bc291b2df4489e8d3e9a10a8621dece229380271c5f409e7466745d340c838cb84c9cb6b8cc6ca35132c6e67dbc1076f68dbca91a42ee9e09cfbe38f4f0d48c05f7d88cbd5ac8fe07a6b38b702579b47ad14814baf32912d3730af1924ddad89947936855178dcec04133a543bb78c3f0d958f3e1f7fcd6027fd8268f1bb7c9bcdc656efbabf35b7c4de09401264ddc6ed146f3a86d33bd3a95e4ec3a0ca4d6624002181cd93cab3e633bf078d8c316a23150ec0d0bfbd6433469864ab621771be26277b6f02730dfb00a78962beb07e7895f8c2b05de4fedb59dc76d6677fa94b058364d279db36fb62a8a2c35e5883d1675ed0077c35e6ce1755166dfa1ce3346f4e60b130933c6345249f3eeeac0dfd30c9d8077aa60bd3df53d12897cc9849cc6c57c2151f812d4c2935a01f4e9856f15e473b947b4114ec44e21a87ad8d0df124366c15747756c623400000002e3a3fdca689dd123d120f3a955bae8e9235c3da8dc8c3400898e4d4267259cd78ed32edbfca3abb61edf7466aa5a0309a6edddde46317ac4ee70ec2cfd33863	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043e2eb2e51ccf149ab640c8bdb0d790600000000020000000000106600000001000020000000ee2b996136ada78ce185f5c680fab7cb305d1debf5bc0404ad998c6c7101245b000000000e800000000200002000000009391328fe4241f6c6e4e610dd6f2d6ab6b7e5c2622ecd58b26342f5fd89edd020000000dfc2eb873e904a96061515e77e7daca7ccee507b7f70b47a0d0eff513fce3e6e4000000031927d948ab1ccd89497f419bc02b00cbae9c3a9d85ca8474a9e15324f9144073363f55af3a0fb9258c049ca8036a546c5309ab91d3c6da939bc7282237dad8b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft365.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d963607ffdd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043e2eb2e51ccf149ab640c8bdb0d7906000000000200000000001066000000010000200000002ddd9803803b8e2e7fc22577ef94f55622d8a008cd69f2028f99e3078a0e2af2000000000e80000000020000200000008a01bffd19bb35e7dba208cc14f82ae679edcaa9db8287c1b77c145eeddad4df20000000454baf078c06cdb085b4483ea26f26bc162d6c3e71639acd24e5a28b56e7422040000000dfffe7901f2c4d23227c1af586d92080b008c4ce3ebb73ce047dce57a86c689a9452a5267873a3de9df02eb088e2002fd38ec4fd1dfa670d398df210240c305b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043e2eb2e51ccf149ab640c8bdb0d790600000000020000000000106600000001000020000000d88a48d0000aebfbfc785f0cb290c4de11cdb8c0b2f27f895002c4c0ec86291b000000000e8000000002000020000000dcdde6e7df6088f81b5dde7712b020523a8712e26125e9647fcd399b5d96f02f20000000ab767c6849d2d08d2dd8960d3603a22f16bed64ead526d6e588c9a3da3be85b740000000a0eaf4b2aacd4e9d33626afdc105851297c244537434e2faabe5b1275cdb0326922946b329525a80021bb83a3fa9a4486b46c77ba36022cecb5922fd09c4c738	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043e2eb2e51ccf149ab640c8bdb0d7906000000000200000000001066000000010000200000009d08163284e38391c0809c870f62760bd2dad60ea1c6bea9d09526204b583542000000000e800000000200002000000033c9c4dbfd178aeeedfbc08eecee5f9fd998f526f7fa5345931cb396ab0d791b60020000c676674ca2dc06b7b1a73986461a8da30fab18fcb1456ecfc57c4188142e20b53102e0480feb93ae669026d05ae1f80d9e63c67d5f081b47b02ce5c7cd91c07630057af29c473d6a58fafd399e4425d24b87c264286d2320a78a16bb1d8ae111ee524515ef695f2dbd619c652cf9d0d094b14d59c7f2d36a5bdb7de8eb45940e0fc6b12e23cb6f7fe2289fb3b5ce1133cdc4fe4cc222b6758938fd3467e461e27cba3d9f54e823d6e062e84c864923289f0282737037aabb5c86203d08ee4b1bfed160fa2d160e733e4f38408955148c2590f926c211cb7292dc2edd810877c2bf76e84bdd6e67ac42ba0beb5d295acb34ad650ad3cc638f9fdb6e00985141ffad939a835118113005e407e652d5daf907d493674dbaf6be22f6e888b114f2889fe6b6e03b77081a295d6b657fa38f6763847c6a539450a16c994cf76554630e81ba69a985e63b0e3514b0cc41325ba559a3daa68ad449c918798fcceba3c5dd645134a353d717a74cec25331545d0458f4b97c399fe005b9e46abac9496e2344ba34d50813cd0fc80a23fac7c8f15f758249da468ff847181400442534e8ba59c3df0f13ea9f642e6f48c0a600f7dbce38d4750a682e89bbd7be14133db035ec0e409547841f69929e48f6a730fe3e367c191d3fe9b7cd227a1eb3b105e58787da97f07dca5aa3c802730677954239763fd7bd3bb94d28014dec4f7ad5e566257c5d59b26a5ea1aadc8eb273429d018b45f421726a077d2febe3410da22164b668ddad8778f15779260cd3dbdaf5a4114431171b0446975c1446eecafbac9933f86fd00484cc681d0f9ea641e259caad58f4cb73989c07cb9bc753ef207852340000000fcb5c45be0c0c74b2a723201eb28161f61c2a95e1a1b311b25c8e94818959871acdac5379a75e9a8d1b21847df612ac5988c66941a99a5e9c9e06108dc3019c9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\microsoft365.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375782568"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30997887"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 506d8a517ffdd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.microsoft365.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1332248537"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.microsoft.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.microsoft.com\ = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0abd85b7ffdd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

2200 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2200 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2200 iexplore.exe
2200 iexplore.exe
3604 IEXPLORE.EXE
3604 IEXPLORE.EXE
3604 IEXPLORE.EXE
3604 IEXPLORE.EXE

pid	process
2200	iexplore.exe

pid	process
2200	iexplore.exe

pid	process
2200	iexplore.exe
2200	iexplore.exe
3604	IEXPLORE.EXE
3604	IEXPLORE.EXE
3604	IEXPLORE.EXE
3604	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2200 wrote to memory of 3604	2200	iexplore.exe	IEXPLORE.EXE
PID 2200 wrote to memory of 3604	2200	iexplore.exe	IEXPLORE.EXE
PID 2200 wrote to memory of 3604	2200	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.microsoft365.com/
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3604

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
66433614c5b2e7ba4ab63205f5f2233d

SHA1
94709996a4a89e8085c7144ee85949437b80d015

SHA256
18a98e7910cae2ba63313a22964eae118f16ea48eae103727fd4f844a65c30a7

SHA512
53c04db0925fecb2057eac78ccb0636e254134041feb92d9677318ce5b817849cde4120751144e56587c1aa2f825c72f0bdfd250d39ae06d0432ab034041f4c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
6df395096ecd4495391458b01010ecb2

SHA1
2f1dc39b55265fd6219172e40362c1240506470a

SHA256
6439a7a722864b1920d0307e0fb2eb95207b22010005086b5856646a51f2a7e0

SHA512
eb333fbf74de85ca8bb66dc1c286f71d744e929e614bd056b73fa5161f26e89ef5028d4f729f02de3438ef519bc74968cb0c25428a880efe523121182bb65803

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
446B

MD5
ac6e6c629c9dbc814f6531ebce46ce68

SHA1
41d738a820c3d17b48b6080c2f13d2740a68e7a6

SHA256
543d88faabb14f80920689660eb7be28fe9eb60714829efb8c7e64364fa7292f

SHA512
eb022ae866756a639696c6ea7c7e1c71dc143ae9f4e7606d35ab142df7c29d244f209f63af7effca62380fb034ad20165ed31a962695c8bd99793f8c97e8c88b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
833ea6e7188812def2b5b716f8b16f68

SHA1
e2bbb840ca2a98bca9da557c37705889b331eed4

SHA256
be065fe3aa8154a15099698ab9a84c51456a3ebd0b6e40ef94bddf0fa8740546

SHA512
23fa5b8c9dd0a8ffe2ee3bab7a7c3e6dc61b571dbc289181db7dcb1f9ee3e40fbf23bdb0a9582753071c0acc9076638c2f87894a5abe5395f1863b51c7bc3545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ckj4gk4\imagestore.dat

Filesize
8KB

MD5
172d5b2f169a0b9a0c689b74258c88c3

SHA1
6e82d0590fd8917dff44d9bfc263d2d434c5f368

SHA256
b817c2ffdb510973a99eab6374149a00854fa5f1cf99a4d45581152ab37fd298

SHA512
4f63e762cde161f4fbc76990374cef2889e18403bf7ff1aababcad189898c47dd932779fddf08084d96a0ca02cec3e3a5a654e34285608820b0f5a58db134c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ckj4gk4\imagestore.dat

Filesize
25KB

MD5
7ae3120068cdf74e9a39542f89661f68

SHA1
0386bb90ff37d3377ff7f943f8a7256b283c5748

SHA256
214994211459df663f13eaf5fbcb66d9464863a8f0e86801b93f81ec5d92885e

SHA512
d512e758736c7edcd8d25883a5ee6cfb4c9ecd9bde7ff318cb0214dc95281167fe66a19f7e7d9c8f1818a35c0bbeb61f723529338af01ce38ee6a365337fa3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ckj4gk4\imagestore.dat

Filesize
43KB

MD5
869c2f7e078baf3e99fc29fa1df79ed7

SHA1
f17cf61b8ea445367c6390406be8e66d3bcea894

SHA256
d82d282f9c6e32185f1c8e298c00f492b26af4603689c0b01c99b0d5ec6b53cb

SHA512
de7b45414245dc27f294d12910f84f2207d65172afd3269d2f92b6bc8f246b21a102b96c0cfe4c28f11415be64801fdbc62b4cd64ecfcdaac02c4985edf40dd3

Download Submit