e8d2bd0c6594e82333751e09feee9c38e42875aa542edcc4d2a80ca5f49b007b

General

Target

e8d2bd0c6594e82333751e09feee9c38e42875aa542edcc4d2a80ca5f49b007b.html
Size

7KB
MD5

99f913a5ae0eb06eff6d5d9e58ed583b
SHA1

7c5aa2369aaf9593f5670d72f20e8bd3c83c2689
SHA256

e8d2bd0c6594e82333751e09feee9c38e42875aa542edcc4d2a80ca5f49b007b
SHA512

b6d363def059255485e21afb9cbb4ad8e63502334c72811f204d74bd24d95a0bbe4059b87f6fa5564103d93211ac4e64b0904afe06a6c4880f804a16270cb28a
SSDEEP

192:mJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLB:gSGabMPvLddLXuSwSTLdlLXugfo2KaB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0cc5c2a24ffd801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{54F43601-6B17-11ED-B390-DA7E66F9F45D} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375963343"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c4c022ecd88e444b7ea8dcd387f1ea2000000000200000000001066000000010000200000006c84392526c148124fe655cfcbeecf0d9e06c6837ad86137225953339d275403000000000e8000000002000020000000a667771bd7c9e05c0f061936fb3d66e7d23774e3b4b0737096632de224e4493720000000c524cd854940eb6621654a68034623daefe9a605c5ce1d9d6af8241165c3e9c1400000004755459a1eb4e9358fe27b631efeaff38625cb35a3edcb65e76fe4420047ccd83171bc848878cc768c240546d8de7372408307f8a59d1a1769564847b664c450	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c4c022ecd88e444b7ea8dcd387f1ea200000000020000000000106600000001000020000000a7e01524d01ab8df65405bae708d5a5458cc9ba484da125d917f452cf7a775d8000000000e8000000002000020000000829640d1c41eb0b982d1f3a71a185a683596e68bbe865d522af43fad0e039b2190000000e63378e82f45737134e698cc237b93385f558248fc2ee793f1692ca01d23e5a14bb3457fe01988992d5b27192424ea189f1a159be483898fb62f5771006124487b0ad5b14c8a228f7a7dd8f7f471f3a49642796f7b8cf18269bf207a4aa691de99ebdbab8a98d3173fa323b00773029fae4a3164344677b5b70126972be7dd403d7ea7fb98206b76ce8e08fbd4fecaed400000006a56543e5bc944df0ce073bf896924b37eb9823efd696f687f01e0fa72fae46c4954979b6aba3abc19270d7be5f13a887f99312952addb42b5d4b7b9a2e1c231	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1940 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1940 iexplore.exe
1940 iexplore.exe
1724 IEXPLORE.EXE
1724 IEXPLORE.EXE
1724 IEXPLORE.EXE
1724 IEXPLORE.EXE

pid	process
1940	iexplore.exe

pid	process
1940	iexplore.exe
1940	iexplore.exe
1724	IEXPLORE.EXE
1724	IEXPLORE.EXE
1724	IEXPLORE.EXE
1724	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1940 wrote to memory of 1724	1940	iexplore.exe	IEXPLORE.EXE
PID 1940 wrote to memory of 1724	1940	iexplore.exe	IEXPLORE.EXE
PID 1940 wrote to memory of 1724	1940	iexplore.exe	IEXPLORE.EXE
PID 1940 wrote to memory of 1724	1940	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e8d2bd0c6594e82333751e09feee9c38e42875aa542edcc4d2a80ca5f49b007b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1724

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GTYL13RK.txt

Filesize
608B

MD5
222ebab90b5ddaebbad6e7264249f1c4

SHA1
e94e84dae44d3d8070b498b732806bd6060aaa3f

SHA256
922e488c2c18a6df0b906a750416862cef1c80153f1ab5ddfc73745628c39029

SHA512
14d8de96f90abb072dbe6b9bc196de29104d5f77aa451b8c7ab180d3ba45b6a1f676724a004e1e3cba2fc95104b23bc9ffbd4349e2dc7efcfac4336ea8598751

Download Submit

Analysis

Sharing