5dde90c16347c67bae8eeebc5bfee8dae335b758de645702e0b3f4a50834e30d

General

Target

5dde90c16347c67bae8eeebc5bfee8dae335b758de645702e0b3f4a50834e30d.html
Size

7KB
MD5

eca7909809e9bcad5f2086b43b435fce
SHA1

b6c41581b83531c759946806d5b428e9207f3629
SHA256

5dde90c16347c67bae8eeebc5bfee8dae335b758de645702e0b3f4a50834e30d
SHA512

1894c834a0e9fc44f6b8754f6819fbd4d0d225c3970ab4ddd2fe94ddd8c7fe5689343195904032bfee87c78ec8b4e1a76b07d93070fc34286d4fb38f7291ed12
SSDEEP

192:TJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLm:FSGabMPvLddLXuSwSTLdlLXugfo2Kam

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375964587"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e1d747544438bf428e9dbf6efb1067e8000000000200000000001066000000010000200000007f342e0cc02c4b28a4c2e0813f14ddd213628f1dbfaac5d39a12ae98cc5ea3ea000000000e8000000002000020000000f86ef40f953adf50ac19dc23bf09096c45ed42da4d110e2b8305ec98ba64a6d7900000009a284e4eec5a4bd3f434496c957cca43724a7d146ee15f2ff2d2b35c1b16dab19f90eab49b2a6dc68383ff4a328129afbceab5e26d0cf4b346cae70aaee5bd3c8e1fb1446df488aa7adc2d42db28d0e3e43dd28be58448dbcb789cc7bde5152897aaee71c63797c3da3716d18a1ff68c7de6a4da2e3800c8052c4f4f2b0d36adeca1ec782964f30ae1f61ca0e0131ba240000000270dee610ce0bc230ef8edda3e74c7e67d48243854d926ca6ce07b44ee7dc7dd449667f0c00633203ee2ac81309cf263817ec44813077c6f7f78ac7b2b6378c2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{41A2E670-6B1A-11ED-8C25-6AB3F8C7EA51} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8025832127ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e1d747544438bf428e9dbf6efb1067e8000000000200000000001066000000010000200000009cf83b49d551e246ce844a40f90d1b0b22645241c8e21220339a6908fe55a32a000000000e8000000002000020000000d60f58ac80383e8593a2638b1567d4f8020b9b09d5c537d662e3d8560677218320000000f126ece76f31293b03a370fb178fa132203a294a6bf6fddf9769f2fe7558d86340000000c1452f2223c3498d37b4bebbc081dad33be25accd12fa5da081e3698e645970bc59c8ab1412452324b0f2c48b76e643b504507b4ea8fecab2920692ef5a65426	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1088 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1088 iexplore.exe
1088 iexplore.exe
988 IEXPLORE.EXE
988 IEXPLORE.EXE
988 IEXPLORE.EXE
988 IEXPLORE.EXE

pid	process
1088	iexplore.exe

pid	process
1088	iexplore.exe
1088	iexplore.exe
988	IEXPLORE.EXE
988	IEXPLORE.EXE
988	IEXPLORE.EXE
988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1088 wrote to memory of 988	1088	iexplore.exe	IEXPLORE.EXE
PID 1088 wrote to memory of 988	1088	iexplore.exe	IEXPLORE.EXE
PID 1088 wrote to memory of 988	1088	iexplore.exe	IEXPLORE.EXE
PID 1088 wrote to memory of 988	1088	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5dde90c16347c67bae8eeebc5bfee8dae335b758de645702e0b3f4a50834e30d.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1088

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:988

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PFTSHPJF.txt
Filesize
601B

MD5
f931c949cb081885fc3cf83adada092a

SHA1
7272b273333cb5a0c70c5d40cecbe1e46e56dcee

SHA256
5ecc9c62d7018ac822e5195828f8b17f42b51c133bf342997a0d85b09262b52d

SHA512
babd29e9c0008e0245003a3215fefa30645b0a1f4d7d47cb08fd01582f73e23aa18c5148a2d087eb3b4b26dbe934288b0fad86340267535b15432c23e44009bc

Download Submit

Analysis

Sharing