ca4bfce3e23c86bc3e7ec75ba75eb28416f6f628b88a8da5c74577e230959ba7

General

Target

ca4bfce3e23c86bc3e7ec75ba75eb28416f6f628b88a8da5c74577e230959ba7.html
Size

7KB
MD5

e35d2862e708b5fb0daa4f73b0896ea2
SHA1

b60dacc975b17fffca477b5f02873a62f649f893
SHA256

ca4bfce3e23c86bc3e7ec75ba75eb28416f6f628b88a8da5c74577e230959ba7
SHA512

8be363ca0936ee48e6950b68a748ae2d077cc135ba7370b9530a8b1a734d0009a9aea7825178696110ada649f179e168e332545f2c6f1c691fe866ac6b2b0176
SSDEEP

192:DJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLF:VSGabMPvLddLXuSwSTLdlLXugfo2KaF

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000fc0654821cc634c83b3f4e506b0a384000000000200000000001066000000010000200000000c2cc7bd75b7c3eecbd162cd581a5680d56824c2d5dc512016010f1ad1060b13000000000e8000000002000020000000045b1872b7e0ede6654d292f36c8e9704e299f8d4b7388dc306a441b7d430f9a90000000226a07f05b2cc09cee09d1b1177f7770cf4dbdd8a8baf6df0173f5749a9ff2c7f5b79efcaf243c6d0bdbffc6e7b5906bbd5e5725466518a1753c9b9a33c5fcf6a77062e835e0709f991b57791558f7613d598d193518a74e44c9ea62819f3c1cdeac4d0ed35d32dce54f4d8e816fbbec9e53c1e85d66d52b7047c11aadadc7be541ce98a46e54d438e57215915065b60400000004ea06d1d143ccc9320579c33ad4d0bdc56deb6ae4cc9f5579eb7b0875080897f77de24788f27c4132ac734119b73ef799193c020ec7dc1964271a70680e72497	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375963659"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1068a1e724ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09CC8191-6B18-11ED-9332-6A94EDCEDC7A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000fc0654821cc634c83b3f4e506b0a38400000000020000000000106600000001000020000000bb15dcd4cf2b460846a08d70b0e0f831ba4d3e2e507ce71fdbaf91bbbee5f8bc000000000e8000000002000020000000df6da6b7603588c6e4be9216297258b69e4499f5da5bf773b4489eaf7e02972d200000004de9b82f867029c1d0832674ddc469d7d76b6186b2ef886fb8a0930927588db64000000018b7cefb1bcb23a51b138bb4288185b05191ee89331cf91b8d1bbd007691b7b73105bacb28ea978f7a06b53ff896cf775b88816eda98b6be0c35ee7ecc1a458d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1424 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1424 iexplore.exe
1424 iexplore.exe
2040 IEXPLORE.EXE
2040 IEXPLORE.EXE
2040 IEXPLORE.EXE
2040 IEXPLORE.EXE

pid	process
1424	iexplore.exe

pid	process
1424	iexplore.exe
1424	iexplore.exe
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1424 wrote to memory of 2040	1424	iexplore.exe	IEXPLORE.EXE
PID 1424 wrote to memory of 2040	1424	iexplore.exe	IEXPLORE.EXE
PID 1424 wrote to memory of 2040	1424	iexplore.exe	IEXPLORE.EXE
PID 1424 wrote to memory of 2040	1424	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ca4bfce3e23c86bc3e7ec75ba75eb28416f6f628b88a8da5c74577e230959ba7.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1424

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2040

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B48FH1VB.txt
Filesize
601B

MD5
4160447d3875d48aaad879eb609f0318

SHA1
6c75ff6938c5ef84640dcc14e70fc5e0276ad8d7

SHA256
f7150cd7321900f9d3e51639911908b23764f1d94b5c8f56f0ad7ac5e5420a06

SHA512
a5a875d0e69027be30b2d0c8a8701884b808dcc2a4031c0b7e4c3a3c3fb3ca952dd6caeccd0a4cbecb7df6ef1c0787d5e65cc38c7711550c23725597f164b9ba

Download Submit

Analysis

Sharing