863c551284e2f2ce88bd2113c5706252e106d0fe1df06e1d403b26c0c495f6bb

General

Target

863c551284e2f2ce88bd2113c5706252e106d0fe1df06e1d403b26c0c495f6bb.html
Size

7KB
MD5

ae62354934becfaa07cf4477ee4390e5
SHA1

71a9c1ee66755be8f76d1052b9ab82376b335d4d
SHA256

863c551284e2f2ce88bd2113c5706252e106d0fe1df06e1d403b26c0c495f6bb
SHA512

7a854858c12dc98bcdf67534e24a2b274488afd7ad162ce4f821c850401dfc4e551501e83c5481e6966e6b158d3c26cbc91fb4f730f1db1b02f1b8fe264365a7
SSDEEP

192:NJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLL:PSGabMPvLddLXuSwSTLdlLXugfo2KaL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002d97a62fa11db24cabc4d3bbfa10adc30000000002000000000010660000000100002000000029d6300acc247840003ff927ee0370ba3d1fc4096a1e2a6e8718678d843c8038000000000e80000000020000200000005d4e160c18826ead95949e5da5bb1e643985d65cb3aad6e9b9fefc4f66fbf5e2900000005e499b2f78bbebdef1b598fc7f1d0aa8a62b494be6bdcd9e92c8bc0a6395cc9a4706a5a33436b38d920808dec173d5d5978b05e734aa1ed6081619e1054e0c93c46d84cd4a016b2aedb6ae50f8f268fdd1a109b0d8c4688b519b220ad8b64ac2e5158d35ac700b9018da560552a83862a9b79014493560ed81a3ad45cd3900f43912f7b15903b4bccf545cf1ea2f020e40000000ec75b43aa5a31cd9ed771f297d660ce7b722d4b3da3c09c09f37ad8101519e892f3bc149e5a00947a6f46a0fc7a9400c32f67c2a37a14e9b20b14e9fe3f8ac77	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002d97a62fa11db24cabc4d3bbfa10adc300000000020000000000106600000001000020000000fa4e687b4a4dae2f286038e34e3dde068afc202056e35ed2ea64fc2a8da0f98e000000000e8000000002000020000000ea71a37d0afae5325d87b664c75f2e69aa87677a319a68f20790c2e80d9e930420000000e1fa7a92338a1645508f8d014c100cfa45f7abbdc6728ed411e2ff041f3058ac4000000067eaba467dbf938038f1fbd5fec6a4fe35becf765b9b94279931da9193defa20978b2179a647b5b4a22eab78f15b703b9b6b9d55d1eea40e8c204472caf1106f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375964311"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00a8f77326ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9753CF41-6B19-11ED-B40B-E20468906380} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2024 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2024 iexplore.exe
2024 iexplore.exe
1608 IEXPLORE.EXE
1608 IEXPLORE.EXE
1608 IEXPLORE.EXE
1608 IEXPLORE.EXE

pid	process
2024	iexplore.exe

pid	process
2024	iexplore.exe
2024	iexplore.exe
1608	IEXPLORE.EXE
1608	IEXPLORE.EXE
1608	IEXPLORE.EXE
1608	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2024 wrote to memory of 1608	2024	iexplore.exe	IEXPLORE.EXE
PID 2024 wrote to memory of 1608	2024	iexplore.exe	IEXPLORE.EXE
PID 2024 wrote to memory of 1608	2024	iexplore.exe	IEXPLORE.EXE
PID 2024 wrote to memory of 1608	2024	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\863c551284e2f2ce88bd2113c5706252e106d0fe1df06e1d403b26c0c495f6bb.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1608

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\90UHE2TK.txt

Filesize
606B

MD5
c8b5d0bc6d359313eafbbbe1ec0498c0

SHA1
45cf744da85198c5723921b7040134a864225ddf

SHA256
aac7983f952fcedbd8a6907617c4d97d884a80e156f53492733b2fd7c983c348

SHA512
44037a7497163f4ad24e3e029c6f4caec92e9dfb463e563c3073299b403f9dbfad1829e36298ff94c14b3d4a90c5679b7202b9e51076171f0aff8e98cae2135b

Download Submit

Analysis

Sharing