7a03f4177dedb9eaa03afff140faded64b23c9db6bb49e1fcf8dbc9f40400830

General

Target

7a03f4177dedb9eaa03afff140faded64b23c9db6bb49e1fcf8dbc9f40400830.html
Size

7KB
MD5

ff1d55a8802689f5dc13b6fcb460d787
SHA1

d927ea68ccb34b7f76564396357797ecba4d70ce
SHA256

7a03f4177dedb9eaa03afff140faded64b23c9db6bb49e1fcf8dbc9f40400830
SHA512

bad82f228fe68e60184c4fd0f90f567e499849de0955c62d915e637f6c3d909802dbcc0697211bce50b6dcea7ec113772c5e323b8aefdbfe7c3f3d39aa5a044a
SSDEEP

192:wJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLg:6SGabMPvLddLXuSwSTLdlLXugfo2Kag

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DAD61111-6B19-11ED-B25A-FE72C9E2D9C9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375964424"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a2b8e90573d5024eb39d2385e30626f100000000020000000000106600000001000020000000fafec519741b703f2a24aa71de0ede7264041fc3e64f1d906d4e42b1c82bd869000000000e800000000200002000000008b753a03cee225f76807cb6deb9c71ac16b990728b71547cd8774f3a3c8b4aa200000009b8e4dfb7ab0747536289916d666ccdbf02a164513c1c3507919552c1bd262f1400000009e6f01e1ffe33850d6f664df84c51d7205d4c0040785f0fbf7d0a24656d44b31779e43d328a8054fdf908e83c16f1d65dda746fa72dfdc9ae38e81f6081272af	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90317eb026ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a2b8e90573d5024eb39d2385e30626f100000000020000000000106600000001000020000000748ccc0b186e1cc698cc599e07f355f5091033e7e9bf27f7f5c6743626c0e32a000000000e800000000200002000000001c084c0ee724ff482c9d0a58d9f15c5855a309069b436e22b26b8aa7fbc9f0190000000c8d158f87c8a808758aafba9210437fc6df6d8267afae30c7e0e014214dab7f58f06f32bcbae3fddc6c1659d2f9e6fb7a3399ad35f1f7f6f13069b9018c92ec57b0d7d49177ef4a183da4e4f2d8fd65b3f2699c09ee3c0ea8e03888cdf43e0d95a7338f9a83bd72a1f2417f22c95581c3882e6dc049a414ca8f9da461afb4982956665f7a211c896800da61839d6ceb0400000000ce0a41f6e0f3fbde254ba192a717277c7b8514f51f88bbcb7e3afa114aabf2aa3b458960309c44aba2b2d873cc74b10bb8671a6703e386b0bf4a29bdbd83477	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1668 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1668 iexplore.exe
1668 iexplore.exe
1812 IEXPLORE.EXE
1812 IEXPLORE.EXE
1812 IEXPLORE.EXE
1812 IEXPLORE.EXE

pid	process
1668	iexplore.exe

pid	process
1668	iexplore.exe
1668	iexplore.exe
1812	IEXPLORE.EXE
1812	IEXPLORE.EXE
1812	IEXPLORE.EXE
1812	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1668 wrote to memory of 1812	1668	iexplore.exe	IEXPLORE.EXE
PID 1668 wrote to memory of 1812	1668	iexplore.exe	IEXPLORE.EXE
PID 1668 wrote to memory of 1812	1668	iexplore.exe	IEXPLORE.EXE
PID 1668 wrote to memory of 1812	1668	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a03f4177dedb9eaa03afff140faded64b23c9db6bb49e1fcf8dbc9f40400830.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1668

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1812

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Q8Z4MWFB.txt
Filesize
602B

MD5
5e3123017949542f6cbc949657a2883e

SHA1
400edb7a4d1bcbdaac3bcb34d6e955fa5c6754ef

SHA256
6adfe08ac425ca2a047211895f062b873c130ca2b5fc7dc396dd86ef4e72418a

SHA512
1bcca52a7d3783deb1e3d62630ec9cc088abb6e6b7373b4c61875e6408902c435de6c807d6952be3b482abf8e816ba7adb1f07fae3a77d71532a6e33f4f7a7ec

Download Submit

Analysis

Sharing