f3dc4b672e2361f49e5cc5d3927668d8701a390ceec8952c55acc82ec712e324

General

Target

f3dc4b672e2361f49e5cc5d3927668d8701a390ceec8952c55acc82ec712e324.html
Size

7KB
MD5

9f02b8a55d1280fdec40bbdb42ecad95
SHA1

751c57a5eedd65d5deaa5d4b9b8a12487d5d8255
SHA256

f3dc4b672e2361f49e5cc5d3927668d8701a390ceec8952c55acc82ec712e324
SHA512

fa8bf68f46195e48613991e682f8e348e892b03856f771434be25d334cf27b9a17459396b1bbb1da162f12c47bcbc87b17b3139b5a08b9cba9c36aa5d96b1246
SSDEEP

192:AJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLX:qSGabMPvLddLXuSwSTLdlLXugfo2KaX

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B80D041-6B17-11ED-A993-42FEA5F7B9B2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000068534ab7b715d944af084d00531bcfe200000000020000000000106600000001000020000000be2a98e69b050401d02adeeec6b76cea68511a82a0f4e58da979a79e4d62bb33000000000e80000000020000200000006763f4ee769f72b93e35ace16a462419f00a1f01d504d11a5fd4617b2d00549120000000636efb2937f9b66ed7d216b2051e8efa044dbb844e26cb1f0d9e8c1573f105c2400000003a489c14e9ddd563d061a58444a312af88443d6f7cc600189464612b61cc16c54e83c2b0e8f9031a021b4dee1d9e4c9f9f0fecf9407c41c6e8295b02c77f6c37	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375963237"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000068534ab7b715d944af084d00531bcfe200000000020000000000106600000001000020000000710d6fc4228f41f0247e5a9a13db0bfeac763d9d2cdecadda6439bb2f36b0bde000000000e8000000002000020000000fc233c41ecdea184d26cc089d5be45c888ed378a0aa5e1a568522b7746cf5a5c9000000006d7c63d00395258c0915e883a35e7bde919cc10ea2f8037b18d95c763be5241fd57cec05d774c74656323fe01354b13afc71b1dd6a56cccc58500e33361f45765feae196fc56d74860e71d81775bb8dfe189d66a430867dfbbb584d341a64c22db48453c64faf3e5e6d845934e1555384c7be8cd84320cd1656990016f399c9065e99374d0ad9673d3bc57841b3ec6f4000000070a253ece9a67c0d4d97c2c3280754a610c1254c6bacecce8d0aa8954d2bb2b0a21ed55e668120367391e3a038aade5102841d4e75486d3d93b91b27fd2f1212	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 001790f123ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1812 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1812 iexplore.exe
1812 iexplore.exe
1424 IEXPLORE.EXE
1424 IEXPLORE.EXE
1424 IEXPLORE.EXE
1424 IEXPLORE.EXE

pid	process
1812	iexplore.exe

pid	process
1812	iexplore.exe
1812	iexplore.exe
1424	IEXPLORE.EXE
1424	IEXPLORE.EXE
1424	IEXPLORE.EXE
1424	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1812 wrote to memory of 1424	1812	iexplore.exe	IEXPLORE.EXE
PID 1812 wrote to memory of 1424	1812	iexplore.exe	IEXPLORE.EXE
PID 1812 wrote to memory of 1424	1812	iexplore.exe	IEXPLORE.EXE
PID 1812 wrote to memory of 1424	1812	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f3dc4b672e2361f49e5cc5d3927668d8701a390ceec8952c55acc82ec712e324.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1812

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1424

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N7IBWNWY.txt

Filesize
603B

MD5
05d499f74477059ac6478a7c6cfb30fe

SHA1
ab709f3440f9f14a4718e9cfa442acf772594e1c

SHA256
4da9eb43462261913f0d547bd365082c7c6d7f0cb72a08d8966453ecc62c6b30

SHA512
dfef82737a8962f11c62486b549dec07e379108e29abfc14bea7a7cd1beb30dfea8028c8f898d81af17ff831451711f69fa904776c52c23b524763e5cc25375b

Download Submit

Analysis

Sharing