7ff6bd0f3f18300dfc7dfcb90867b69b50462d333e7b35167b08851444153543

General

Target

7ff6bd0f3f18300dfc7dfcb90867b69b50462d333e7b35167b08851444153543.html
Size

7KB
MD5

ea8d6805eab85767038c6d4158a755fc
SHA1

8413e431e154a26961c36be25e435c107cf0c1a4
SHA256

7ff6bd0f3f18300dfc7dfcb90867b69b50462d333e7b35167b08851444153543
SHA512

8dfebfadd28453ce2d5f563c7ce8e400e05c4b085362f6cfb18bc99941a3390ccb82ab38399d516d97dfe53f476b2db699045c01dd3a15c33e53e343749d6a44
SSDEEP

192:YJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLf:CSGabMPvLddLXuSwSTLdlLXugfo2Kaf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd8aecbb80633444bb6e58a18a39289500000000020000000000106600000001000020000000eb9cd85168ec9442c8df559a3f57d4e00e8bc057411e2c789c67296f5127117e000000000e8000000002000020000000388a821c91876e06e06bcc1a70aa627fe9750b698bb0a048b377b13a5552cffa900000002281ff9e328262960a68e7a712da960196edbc9a69036610e986ea32174faca4c89d8fb9673e1ecac958f025782320840d9db00a55b24621db696e6f4e1b461ae76c5d48b6eb7b0eb8122de4dbcd03cf6fca8fcdc3824ce41a2ee8d76fe96b171bc1ede5ed9b8af88f1da4b8d72acaff807d6209fa005369b665799f586d4607f85d13afad3fb6a62362b8dede8a167740000000bd705affe6d834ae46d6fe845d21af11210c1e7fc02c174c722a4048b38c47bc1614af45c5064be17ba595b097adfef885eed46e640d97f7802a9738669e577a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A8429661-6B19-11ED-8C25-6AB3F8C7EA51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375964338"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4033f78526ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd8aecbb80633444bb6e58a18a39289500000000020000000000106600000001000020000000f8c1566df943ffc62d9ca5561709cab57597746455298e454b63a2721965a811000000000e800000000200002000000053d9aab3a038ee73d4706eb98ce9dff20a313f611dd93b20b5d4abbe24738753200000004d8966ecd5c71e5afcc8913a4b72b8e4dbc0b9e9e3521928de22f553d293e3684000000079037cf87f8dff091383a7947376486651ef6e5237ddb42135cbb55352963fce530c5152b247944989ecb94a5cedf4103f4bd240ea78820d432cb3ef6acdedcd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1488 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1488 iexplore.exe
1488 iexplore.exe
988 IEXPLORE.EXE
988 IEXPLORE.EXE
988 IEXPLORE.EXE
988 IEXPLORE.EXE

pid	process
1488	iexplore.exe

pid	process
1488	iexplore.exe
1488	iexplore.exe
988	IEXPLORE.EXE
988	IEXPLORE.EXE
988	IEXPLORE.EXE
988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1488 wrote to memory of 988	1488	iexplore.exe	IEXPLORE.EXE
PID 1488 wrote to memory of 988	1488	iexplore.exe	IEXPLORE.EXE
PID 1488 wrote to memory of 988	1488	iexplore.exe	IEXPLORE.EXE
PID 1488 wrote to memory of 988	1488	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ff6bd0f3f18300dfc7dfcb90867b69b50462d333e7b35167b08851444153543.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1488

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1488 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\74NX54BM.txt

Filesize
606B

MD5
33b5814c6e72299c8d9d2f436f2b5010

SHA1
f5d8c7d3593a6f14e6b2f6d45e34dc50c09cdf16

SHA256
8a0f0dbac80ea2afc3f7b480f7a2c63ebd297cc83b75596e73e2d99d15cf5c20

SHA512
8562fd84918392a3ffce11f60644fccbb160ddf6bbca222a38d7d22644be4c27a1edad7a90977723660698a3dd495c56c1e8663488b9c773052f25b73cbcecb9

Download Submit

Analysis

Sharing