4d6869dd62925e4acf5d2f3c5afaf7c19b172b4d7f8b8211b52ae239d93c22e7

General

Target

4d6869dd62925e4acf5d2f3c5afaf7c19b172b4d7f8b8211b52ae239d93c22e7.html
Size

7KB
MD5

ae6b44a45fd42f80ebfaee1e349c2820
SHA1

f0d809b69cf40c12214cf851b2383346c96cc4fc
SHA256

4d6869dd62925e4acf5d2f3c5afaf7c19b172b4d7f8b8211b52ae239d93c22e7
SHA512

a0cd2b616bf4620d4b60b28e199347bd4134788ce486bad3ace01222666c4613834cc47a6d293cc8e05a2fc9913ec9c7f7f9db895ece4e59012303ef2f9a06ec
SSDEEP

192:IJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oL6:SSGabMPvLddLXuSwSTLdlLXugfo2Ka6

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7003e07d27ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303d9e44ae7cc941b7c258e93d8b444d0000000002000000000010660000000100002000000065af579b39cb0a47d4d69393fb89e7d63741b5bba78bb390e8dffd4cfa174e51000000000e8000000002000020000000560de5d070ad0e4942f54a8008b8536f0698f5553aef8c33a6501af462b064d720000000a26e0e29d0e4b0cbbd1a18b2b52f24b6ac1503c0b9ad0fb8186b40b5673c4dbe4000000062292634cf8346bdc4f564f04032dbc439dd83e77ddc9a344d4071e0f5efce3db022765dcf016b29ccd03312cf101df08f989dcb0632c4ba39298d6ed4585f24	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303d9e44ae7cc941b7c258e93d8b444d000000000200000000001066000000010000200000002c652b08356a56eb569e43faca3a1f50cdc8f7084893b69c05225cac69327cd3000000000e8000000002000020000000fa85e3dcd301a6c692f30aa0c1d8aef00d51f7d81559e1648f0be6cceaa1795d9000000014f5f67aa00bb72b86eb95985ebf4bd7f63387ed278d8c5191e7643cce8735d3f35e576c6ef499507eb220f1ca5bf924abc496bfab38bf54f5592a1870dd7a599113bdcca618a17d559b6d46d901455f0a28458f192d15e14d908451491e7885696889a27cd937f742fc79cad9dd164eae4886fac798a77b8b2b935aa503b1d0d5199babfe09e1c874d1240ba72a5fbe400000000df81e506c1b078c5d96fe1d368feb21f666bdcc1907cd5d6af4619bfa55e5d98d66c0adca7f2e23ea9ecd16f1e05f134df48d2931e79f77c04a9ed1ced43b03	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375964741"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9B2B95C1-6B1A-11ED-98C6-66397CAA4A34} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

900 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

900 iexplore.exe
900 iexplore.exe
2040 IEXPLORE.EXE
2040 IEXPLORE.EXE
2040 IEXPLORE.EXE
2040 IEXPLORE.EXE

pid	process
900	iexplore.exe

pid	process
900	iexplore.exe
900	iexplore.exe
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 900 wrote to memory of 2040	900	iexplore.exe	IEXPLORE.EXE
PID 900 wrote to memory of 2040	900	iexplore.exe	IEXPLORE.EXE
PID 900 wrote to memory of 2040	900	iexplore.exe	IEXPLORE.EXE
PID 900 wrote to memory of 2040	900	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4d6869dd62925e4acf5d2f3c5afaf7c19b172b4d7f8b8211b52ae239d93c22e7.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:900

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2040

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KGZWGWV5.txt

Filesize
606B

MD5
1c84cbffa0812c42194425d9fae9d2d8

SHA1
cbd49b53ece01a4777982300bf0ae1c93bb8d38e

SHA256
ece7e2e8ed2f40cc0cc95121aeff33e11c2dba18e55c32da855e7543d05366cd

SHA512
621345d61b168567fb9153adeca68ac26e66553015e47396552574466a334b5a0214b9eb47cc2a8d78c27cae26b972b6cd63eac6f7183149f593cefd1426771a

Download Submit

Analysis

Sharing