8668c415969e17d07d5200893fc1fda4f82bd064ded5a22aef4ba19b0235dadc

General

Target

8668c415969e17d07d5200893fc1fda4f82bd064ded5a22aef4ba19b0235dadc.html
Size

7KB
MD5

1f3ae7a4b51d83ab762a9dc49ac36522
SHA1

2c2c6a147c680227e4a838d79cf43c02f4b324b2
SHA256

8668c415969e17d07d5200893fc1fda4f82bd064ded5a22aef4ba19b0235dadc
SHA512

caa42669641e7bbb623e9dd4134de501a105114e0f824f071b72285480f90bcbd681259e6605cfc5ed6045d482e20ab1847141173fe24e7355e8fb84a7028d4b
SSDEEP

192:pJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oL/:7SGabMPvLddLXuSwSTLdlLXugfo2Ka/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{980B6741-6B19-11ED-B51C-6E705F4A26E5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000064e9a4ebf2ab224bae6c2d3caa93dd9d0000000002000000000010660000000100002000000004765d5039d122750f837d1e779bcee2c2f6be40c506ec8747c5ca6a3aa10c25000000000e800000000200002000000071d0521f69bc46428f5169c4b4c3265c2d5a69c1c4e0ff4150927672952d10f490000000b8c1acf8dbaa78a64a4dc83f61a449d2fc0e62266e1d325e5328402b1df91532a21cc18ac10e5d76eb1e472881bd7212259d17557691c5a4a20b41f9563f7d9b16562f12d13a50a8d9ded01829b3a628a221512b89e6d299a2439040f0c003f50e2bb0ed78cbdbaab86e57a113c8f66fcb9a01338504375f7fb279f63afc4ec3e51fb4d86eeb2dd5f0d26a67a3fc18cf400000003fcbba3b4f8fadc6d0d9c80409192b7fe3d6193ac60e5da4c5050800589b96dacbd9b9e953ecd32721438c0d9389de0c8b54518df88d28d8b3243001b29ae0b9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000064e9a4ebf2ab224bae6c2d3caa93dd9d00000000020000000000106600000001000020000000f0fc70822360d71c82191b0aa4d5ab23a32a4bcfc975cd6a5fd9a5a7b3dde400000000000e800000000200002000000058500d2ca19654000639e2885ba8fc00b2e1d17877d2ca1dc2d4ee9ee0b8cbc020000000a4db236775a943560d53832c918e83ced0bcbd376d6e9a207e88ce0b42c33bb140000000ec9b2a2526de5bca9c3c1476daeb79c49f765025e4757b6fbf0bc184998305f630a3ea51ee63c4e9e30a9f35df80172af0d93f0041abcac12387a05eb8c2ec2a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0dcab7426ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375964302"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1096 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1096 iexplore.exe
1096 iexplore.exe
1620 IEXPLORE.EXE
1620 IEXPLORE.EXE
1620 IEXPLORE.EXE
1620 IEXPLORE.EXE

pid	process
1096	iexplore.exe

pid	process
1096	iexplore.exe
1096	iexplore.exe
1620	IEXPLORE.EXE
1620	IEXPLORE.EXE
1620	IEXPLORE.EXE
1620	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1096 wrote to memory of 1620	1096	iexplore.exe	IEXPLORE.EXE
PID 1096 wrote to memory of 1620	1096	iexplore.exe	IEXPLORE.EXE
PID 1096 wrote to memory of 1620	1096	iexplore.exe	IEXPLORE.EXE
PID 1096 wrote to memory of 1620	1096	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8668c415969e17d07d5200893fc1fda4f82bd064ded5a22aef4ba19b0235dadc.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1620

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2SPYXNWE.txt
Filesize
606B

MD5
f792d1a09aaa5166640f8dc2d5dd1a32

SHA1
9da3fd317baa5df6ef6fe6da24da6a9a617e8f3a

SHA256
d7878b3ae6ac2da83e8b4aae99005e32ff8ebb0df7fd870aff9befd90f3bfc84

SHA512
8fcafa637318ef4640db09f72c8c8bd8483ecbdc5706747b49876fc4cc54e15341cf474a6af355000781ba7369597ae484ab28f88bd803f8494431c72f4be999

Download Submit

Analysis

Sharing