3316eaed7dc988713b5299e24550bd100b656b393cf14c38cf36c9445f665327

General

Target

3316eaed7dc988713b5299e24550bd100b656b393cf14c38cf36c9445f665327.html
Size

7KB
MD5

72f5244aee26e7154f4958337b5934c9
SHA1

d199558d0e68e4c9ae1b240187d61e6ab42c0d19
SHA256

3316eaed7dc988713b5299e24550bd100b656b393cf14c38cf36c9445f665327
SHA512

27e3e9c95576ae18b8e4d9efa3fa9deb5391be3ddf030a7ff46338cdbb1407c1fe960c537da9793325b5fc32ae4e79718eefad4d1b06a060a7563bb2a8ca77ca
SSDEEP

192:pJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLf:7SGabMPvLddLXuSwSTLdlLXugfo2Kaf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375965085"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea90c7d351b3f54f95e2281b275e699900000000020000000000106600000001000020000000416b093b611e706469dd80768eaee7c93b380b2e7b731f580e693077e45410e8000000000e8000000002000020000000e2747f68c2c4a4030c07fa35e9c09e0532a79b6d65e1b8adaf173471f7961758900000008b89567994fc8a1f8498df06b8c635d97f7b1f4a64e64d010e84d7ef9541c8234b1e6a98800fd5bf9da5486f0dcbbe7cc73ea7af530136bed4e6e909ba3e4c11e1d13bc67838e0729b4a47f6e6a859a0bb4fc763f1eb6479f3a813059fdc28ef0e8120d0208fd5b7203724c6d48479bee9ff1bed14e61b6e21673b6a5ea2bb1b285485a732edd6e1c55bc836005f387140000000b24ab21136a0f8044e6f8cbc0127f25d7f2db3fd22a708a81c02993b920fb42aa2b0460bdbdb3d55abb2380174a0daa251d4de5130ac6ebdd04e7c7971af4cff	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea90c7d351b3f54f95e2281b275e699900000000020000000000106600000001000020000000338624a3c705c34f874f40e0672bf1a22a1001c86e30c314b42df488745f64fb000000000e8000000002000020000000a22dd242ad5096c1b89a6662b8b106c0954ae92e2d615f6ac89a717f52209cb52000000018dbe40ed7a27fb6e7945c0cfdb23490f8ac40d2f2c9bfbe5c7af715e345b03540000000bc6cab9a74f93c18ac98b39ff13f3d3280438f3a3ee8ba4fb67803214049c48aa14573f8390bf4faf069373ea5cef103ad69b2d5fd2b4533ca446becbc8665f2	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e63f4528ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6F9E5591-6B1B-11ED-8716-EAF6071D98F9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

536 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

536 iexplore.exe
536 iexplore.exe
856 IEXPLORE.EXE
856 IEXPLORE.EXE
856 IEXPLORE.EXE
856 IEXPLORE.EXE

pid	process
536	iexplore.exe

pid	process
536	iexplore.exe
536	iexplore.exe
856	IEXPLORE.EXE
856	IEXPLORE.EXE
856	IEXPLORE.EXE
856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 536 wrote to memory of 856	536	iexplore.exe	IEXPLORE.EXE
PID 536 wrote to memory of 856	536	iexplore.exe	IEXPLORE.EXE
PID 536 wrote to memory of 856	536	iexplore.exe	IEXPLORE.EXE
PID 536 wrote to memory of 856	536	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3316eaed7dc988713b5299e24550bd100b656b393cf14c38cf36c9445f665327.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:536

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KRC6OL8Y.txt

Filesize
608B

MD5
f65e108858b000c49b9115f2cdbf3885

SHA1
e51d33d89304c42a578ab10644d89965a5a42841

SHA256
49471cacf9f1907275eebe54842230f76bdaee76237b80cf9ecf169741a0b8c1

SHA512
f2a42b4f8e625ac5e636862b9eb0cf5c7b006909263845e40815931690547796125e9525530400d7dc52e4e3e9034c74c00a8f1dfe7045d51e95e50453e08607

Download Submit

Analysis

Sharing