86c47a07e65fcec827965e0a62eedff79539802d3bf550a4798971c1e08faeb6

General

Target

86c47a07e65fcec827965e0a62eedff79539802d3bf550a4798971c1e08faeb6.html
Size

7KB
MD5

4dd5329bb291eabb6d1242601ccf3306
SHA1

272d7f2e2c399eba935433eb1ae35a325b10b6f9
SHA256

86c47a07e65fcec827965e0a62eedff79539802d3bf550a4798971c1e08faeb6
SHA512

71e9ba6b1aefa3e1d724e23e36ef97b9be458f954eac8c56d9c27935e8d3dfd4dd086f312653738bcb3ea7eb6a7ed1f04f79c1ee4db0d5a31d173a33762d5e2d
SSDEEP

192:8JSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLU:GSGabMPvLddLXuSwSTLdlLXugfo2KaU

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375964280"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e45010070c08840bda90fae860ae5850000000002000000000010660000000100002000000061f7ca06ec576860019d171bb803994eaf039f7a6d7a7001836f87504584be32000000000e8000000002000020000000fe24ae8bd6c27c4ccf46cec0e4b44350d49a43c24226544af0e119042c18890020000000623e287c26d21c56138c2e56ddd20c0bef8c66b3acaa90e8a0cab12006ecb7ed40000000b77108f81a8c0462215c8a054dc379b8f6f9d9555a82b9175b2c83463e7567a80d2cfb1a9d84296a083a354515a4d24e65bb10ba523f3acd27f4ecc326856d4f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0a5a76726ffd801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e45010070c08840bda90fae860ae5850000000002000000000010660000000100002000000057015c53a67a8f5306e22b5a5ef2070c0398c0918189c8e0054ef6d4ba81a3d3000000000e800000000200002000000045680a2c9a4035ce732f588f7e1c6c6f6bd208aa9626c29769fb38009813ebea90000000154d12ecfd833b050eaf3d886dfd4de49cfcca281f04ad3ef5e4424ac970b2b3c7a9ebacba71ee93ccc33d8b7003ced69276ee245329e83468bfd974a630f043409be70c7d1856775dd07fb363b44dcbdc23695e51cc03fde0b2a86aad31912c9e312912fe96f4b82006867fd077f168ddb3db3594ab75e509030824b334fe0d357025508e702cc83d2163bec219a14440000000b95a9fe838482280518bc524df997968cc9c11e69779fc0fc85a1229b3ca5b3976996f7359971e0e2c6d8441c4a18ed0a08d177abf527ca728955da466d29f7e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8F7D4761-6B19-11ED-8FA4-466E2F293893} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1384 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1384 iexplore.exe
1384 iexplore.exe
1988 IEXPLORE.EXE
1988 IEXPLORE.EXE
1988 IEXPLORE.EXE
1988 IEXPLORE.EXE

pid	process
1384	iexplore.exe

pid	process
1384	iexplore.exe
1384	iexplore.exe
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1384 wrote to memory of 1988	1384	iexplore.exe	IEXPLORE.EXE
PID 1384 wrote to memory of 1988	1384	iexplore.exe	IEXPLORE.EXE
PID 1384 wrote to memory of 1988	1384	iexplore.exe	IEXPLORE.EXE
PID 1384 wrote to memory of 1988	1384	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\86c47a07e65fcec827965e0a62eedff79539802d3bf550a4798971c1e08faeb6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1384

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1384 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\91XHWVO6.txt

Filesize
608B

MD5
c9c00eb3abf1252e64b6250ec71c9e1b

SHA1
34e6fae5c9f42a8fbbb2b0857ab86b6e3d05607b

SHA256
c875c7c3e9763d195c3efd32a5aac617e026903125f80ef454350267d797c9b4

SHA512
665a41ed9f0109b441872707e5fccf4ff2c96f775f08c2c55be5123e5b4b6d6c018a1724ba6278de17454ec2b6ce546c8fd12b51c353b1f767d8926b45f38840

Download Submit

Analysis

Sharing