fdba4551dbd25dd47e5fd6f70f788ded01a9acedf99c97abbb1b94e378467263

General

Target

fdba4551dbd25dd47e5fd6f70f788ded01a9acedf99c97abbb1b94e378467263.html
Size

7KB
MD5

09c3ae4ee89c8bd30416884878d32e6f
SHA1

294f08cd2871dac78179ff25e63ae2c99a68b4a6
SHA256

fdba4551dbd25dd47e5fd6f70f788ded01a9acedf99c97abbb1b94e378467263
SHA512

9efef95b5385c4bb186386d2697a2a6007e9423973a1dd41d8871f73a36b112c328f478874b4d20a828103dfa94c9441a2432445f126149d64cb8c3a095a79b9
SSDEEP

192:VJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLY:3SGabMPvLddLXuSwSTLdlLXugfo2KaY

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 25 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cd62b78ee8587e4dac88ae50a840a17f0000000002000000000010660000000100002000000058d8267e980058793fe691cb4b7687a7178ea382651d414a1f4bde88907af1d2000000000e8000000002000020000000cf7580eaeaf8df70cb64390090c58ff1fca54fac15326fb17b8b14c5a89e339a20000000deda5ed7bb73ee59cb807f401ff31fbd29ea257e3cdc2f3b100ea553f7b7ebb3400000004c11afcbe5775b106d5b32e48bb1d0f56ce0ae9e291303e79062d076db274136d00f1d3a576dd38c4bb73967af57ba02771fed4d72a09e2e813036e637482e9c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cd62b78ee8587e4dac88ae50a840a17f00000000020000000000106600000001000020000000b8044e68c356d68bd4b5f1ffb4eca8b68ca628e08ffe6c3a7930b66b8344356d000000000e8000000002000020000000b6fb2ec68c8bab6d46625b004310e3321025ce7a89afba1c6b31a84e8d23933d20000000d0f43d5cf3420f4983549b0858a542a3c28db18698099de7557b5f3e8b2f4ff3400000009bd9f5e8a17fe6877eb8ae261edfbfcaa71d90b32163f3e5a929fa0a088af74ea0f7441d58efe40d4c17f3bd604888a3e56d96d81721dd5ef66658b7b25fbcb2	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cd62b78ee8587e4dac88ae50a840a17f000000000200000000001066000000010000200000008847180c798ad593dcee620d736e5386abbc0b69e965f1208ba012c6338328c2000000000e8000000002000020000000848a6c6fcff8d2e225acc9f0531bd43458ddf15e3aca5e535106e97accdc44da20000000900ccc235497faebb292ff3942cff51aec1a0c2315f82040f08b1254c03c13464000000062e14105cc1459920e4e9c2c7324d4d774dc17a03473894954c963c2cc4577e143f4634e34d9b1bca6b46c5c2027c4fc92b250e699a5168ab32dda1d9b41cffb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0ebb0ee23ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f1c6e823ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 201e99ee23ffd801	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0F0C1778-6B17-11ED-B8D8-5EDCA19B148A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1260 iexplore.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1260 iexplore.exe
1260 iexplore.exe
1212 IEXPLORE.EXE
1212 IEXPLORE.EXE

pid	process
1260	iexplore.exe

pid	process
1260	iexplore.exe
1260	iexplore.exe
1212	IEXPLORE.EXE
1212	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1260 wrote to memory of 1212	1260	iexplore.exe	IEXPLORE.EXE
PID 1260 wrote to memory of 1212	1260	iexplore.exe	IEXPLORE.EXE
PID 1260 wrote to memory of 1212	1260	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fdba4551dbd25dd47e5fd6f70f788ded01a9acedf99c97abbb1b94e378467263.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1260

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1260 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1212

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads