8741e906d0e970069aad469f7e6bba6c8776da2fd552319bf2cda1b0d30d5293

General

Target

8741e906d0e970069aad469f7e6bba6c8776da2fd552319bf2cda1b0d30d5293.html
Size

7KB
MD5

0af4f127c737484d401f39929ce38c52
SHA1

7e12eb4fea7dc9f35e2c26b4111bd1090c788b1e
SHA256

8741e906d0e970069aad469f7e6bba6c8776da2fd552319bf2cda1b0d30d5293
SHA512

ac68e43653a7687226efbf8c19368c51a75cd91b856ad6832e1eb8f6eb66227576b9be514efadd15c344ef7e9f8029927673a180924f1d98565a0c71a6c7c62b
SSDEEP

192:bJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLL:tSGabMPvLddLXuSwSTLdlLXugfo2KaL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{69C66EC1-6B19-11ED-8716-EAF6071D98F9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d0f52975e88fae4e91f7389ec0a55b1a00000000020000000000106600000001000020000000301ebf05bde595766912f09b50a8db0bd5db08cc5f383a0d37d7e0069b55129b000000000e80000000020000200000008863c1a0938a408e9d267688b4eeaf8d7e6f7cae22fbe22634dc7738726115de20000000e38dbb6756fa88be6043b33a38257427fe87c3df966b9f14c9471ce795dc062c40000000cae7efe304081eb5f1ed30e6dee21d3ff70abef173ce019420249de43c941fc313a207b869d792413f3d7de232e5767831229d93e72df06ae53a608e52ca5748	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375964230"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6053794126ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d0f52975e88fae4e91f7389ec0a55b1a000000000200000000001066000000010000200000007e9a433549cf25761d316543baf7f53d88b26600cd9f689fd7e9ec8ac13fd8ab000000000e80000000020000200000008a6efb5d4b8472c88e1996777f23e2674796a75d070d17c30563839492d198ca9000000068d0959cfead186e52ff64d878b52210e1dbf8714208cdc78de7c9fa0c9c4c2dfa6244eb9b338c59362e12b53e83c014203873e950d2d516cad2c330edb3eee314c5c669f7d14968bb7b9b373c69ac991051e280ddf5a8bd1cd37d5a35756579b77fa0b2e56546810c14e4d81351686681d485c760931caaefda3edb273b244a06e7d0ce6b09e661c6aa85c5243481a64000000071d20e975301222e095f2b69e1a5158561d5ba6583d5cb07e7461a57b33d802dcbfda39bf4d7949a09873ce1b139f31750e8fb79d9f0d0df2a4f7942b02c3cd2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

288 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

288 iexplore.exe
288 iexplore.exe
856 IEXPLORE.EXE
856 IEXPLORE.EXE
856 IEXPLORE.EXE
856 IEXPLORE.EXE

pid	process
288	iexplore.exe

pid	process
288	iexplore.exe
288	iexplore.exe
856	IEXPLORE.EXE
856	IEXPLORE.EXE
856	IEXPLORE.EXE
856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 288 wrote to memory of 856	288	iexplore.exe	IEXPLORE.EXE
PID 288 wrote to memory of 856	288	iexplore.exe	IEXPLORE.EXE
PID 288 wrote to memory of 856	288	iexplore.exe	IEXPLORE.EXE
PID 288 wrote to memory of 856	288	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8741e906d0e970069aad469f7e6bba6c8776da2fd552319bf2cda1b0d30d5293.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:288

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:288 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FVMASDAN.txt

Filesize
608B

MD5
57ddb48ccbfa78619eb2c1b51b3abd4d

SHA1
8a8b95f85e8897d4dd72490e7a38748f3bc42dd4

SHA256
47d3851b3ca14cee26239c3f53b4f7f1e5c9cde3c40478ed60842b25703e672e

SHA512
2c98ccdda8dcaff68926024b668eb46ffd57f3aae33af739827b347f9f7224400d938623ccafd82cd8c28a5936af06d3f2931c985eb399cbefb6af770145da86

Download Submit

Analysis

Sharing