c2c6ab098e9d4765008bcb0a309b770e94d1c553a3cb482f055e97fd94438957

General

Target

c2c6ab098e9d4765008bcb0a309b770e94d1c553a3cb482f055e97fd94438957.html
Size

7KB
MD5

0cd4f2336338f4ed1e7edaa85a907660
SHA1

c96123740650e1aa2d0f26a6c9781b1ebb8a4f0c
SHA256

c2c6ab098e9d4765008bcb0a309b770e94d1c553a3cb482f055e97fd94438957
SHA512

99da71256cd4c9ce5b35c0a401182ccf9cac65ae8c2373c93d7af52cc2d4865f0408d5efdedba0fb1760206c1925f73fbb6b2cc182c54ee43ddb35ba9bb74d17
SSDEEP

192:NJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLA:PSGabMPvLddLXuSwSTLdlLXugfo2KaA

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c012e01125ffd801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002050b40d56a6db4589ab6bd5f19a8ab1000000000200000000001066000000010000200000002444178fe6c89d61f726ea30f9538f5f91a0a54461a84a35f370745b35d2a01c000000000e80000000020000200000000805af6056fbad8321df2c8d6b469e1cef4b0ab7506304a5e3ba72a5ffb9b1fb200000003e853e5c5e790bb4c82571945738d2c280e68af084a60e8947c9a8bdbd4c58674000000036b2c9f649c26cf0ec84dfddaefc70c405f37d16623310934bf6ce747f283010c8fbce9cc9145cc2b736550ca8fb859936af7d7bc03adfc8bfe90b1027d844a9	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30998309"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30eee31225ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "767870877"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{379629DB-6B18-11ED-B696-FE977829BE37} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a09cb61225ffd801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002050b40d56a6db4589ab6bd5f19a8ab10000000002000000000010660000000100002000000072bdf7b3579b6d6586c3d07e88aa057565688f99962172d4851e0f301b13f81e000000000e80000000020000200000006e7275696b6f15abb460064328c865e2d14f5aad1ad550b9c3e66941381b8aff2000000007b64a133b433df4fc88fef2e5133439cc098d3f3084d708b677dc446ff54e6b4000000088c492365a0d8da9a54c5e0dbb41c941647e8dc9eb3f178b0a3a3201ca3d5a5c2afa4685a4dd82cf2f23c248d845e58259be4dc3abdd09c516ed879ead8e1aee	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375360605"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30998309"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "767870877"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002050b40d56a6db4589ab6bd5f19a8ab100000000020000000000106600000001000020000000cf58597f974e29604b99a3d388c7ec3b8d163e61464a64b5e014c8af3fa1f459000000000e80000000020000200000009b1c9d3ec163b08c72cebe71d7d920f1f6707647783690483cca2bcf188716ab200000000b1cc641f92b82c51745615ba591fdbf0146fc148f827def2167392d1c27311f400000008131294c5d80661df1c69cac63e1a46f59eb5296804c5f1e3c30e6e855fd794e92e4ea5922ed88027fa631adec233c5214b1664439c6f55493dae784096d0e6e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

3836 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3836 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3836 iexplore.exe
3836 iexplore.exe
5004 IEXPLORE.EXE
5004 IEXPLORE.EXE
5004 IEXPLORE.EXE
5004 IEXPLORE.EXE

pid	process
3836	iexplore.exe

pid	process
3836	iexplore.exe

pid	process
3836	iexplore.exe
3836	iexplore.exe
5004	IEXPLORE.EXE
5004	IEXPLORE.EXE
5004	IEXPLORE.EXE
5004	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3836 wrote to memory of 5004	3836	iexplore.exe	IEXPLORE.EXE
PID 3836 wrote to memory of 5004	3836	iexplore.exe	IEXPLORE.EXE
PID 3836 wrote to memory of 5004	3836	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c2c6ab098e9d4765008bcb0a309b770e94d1c553a3cb482f055e97fd94438957.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3836

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3836 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5004

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads