14945ecdb1296f03e78e46a7870860885a1da76981d3aca383aa5c525913732a

General

Target

14945ecdb1296f03e78e46a7870860885a1da76981d3aca383aa5c525913732a.html
Size

7KB
MD5

1ece51d6fd22eb24a928723ff300850e
SHA1

00df6251aaad1d2591ee2e2934ca36f8816e1df5
SHA256

14945ecdb1296f03e78e46a7870860885a1da76981d3aca383aa5c525913732a
SHA512

38771096a24e0b8552682cb7199d1e43a2eea16e18ee83f3391899d5be8529ed0099d6c2448ecbd550638837bd31ecd0b21706dd9c297184e30dbf0808f8e20b
SSDEEP

192:NJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLR:PSGabMPvLddLXuSwSTLdlLXugfo2KaR

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6059ecf228ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000330bb06a787be74ea19b085e6edf69e0000000000200000000001066000000010000200000003460930cda323d61f40fc6802f7807f2e10e50d9f230587b3e20975d7de59d24000000000e8000000002000020000000a24b87c09c9f47efceb3f34bd37562889188e7b95f3c5c804a59b692de982b6a20000000d857d47824e3edc615eabbc4575a25285c89fffeeae37cb80303d353ee2cb8024000000070ef1e798f07a10ce27ca4fd40aa8142e0a5ffb78fdfd196a730ef0621e54578245b71c317c0bb8084f85871b8de9afbe16ed46306d2a2f10dde93d4784839f3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375965367"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{15D99231-6B1C-11ED-AA2C-DE5CC620A9B4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000330bb06a787be74ea19b085e6edf69e0000000000200000000001066000000010000200000002d4f02b322b71b15af54c5d3127c4c492d985c2fec07a1da987d78e65a82f07d000000000e8000000002000020000000570444306bc2b59fa51e1846a8f7034aa4e6b1c7e49a51c47ec634d4e26afaf890000000fa5e9348a153217e4bc2a9883c5df5c1e52bddf4c57de1a569ea6d0df96e7fd2e8c45638fd9e51ea4fb142b3e54576bd0cdc110fe155e246080395c22724d484f9d3911d9c7f5e25bcc0edf6ba660fb6bb4473634f3c55f97e140c9cc03c41c331ed39078305f395a0faf80db9e65ac3dfee1d311f3672d4780b6a5a076ff84952ae3f6f591b0f9a896c1e1df2a7328440000000ef768a2c0bf3a0f4da1f65ca955bddee56bf047ff1a4a06337fc8006b4a1cddbb3b570eeab60bb01c99e41660f199e82b61a9692478a42a5ce682c5e52c40f64	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

112 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

112 iexplore.exe
112 iexplore.exe
1072 IEXPLORE.EXE
1072 IEXPLORE.EXE
1072 IEXPLORE.EXE
1072 IEXPLORE.EXE

pid	process
112	iexplore.exe

pid	process
112	iexplore.exe
112	iexplore.exe
1072	IEXPLORE.EXE
1072	IEXPLORE.EXE
1072	IEXPLORE.EXE
1072	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 112 wrote to memory of 1072	112	iexplore.exe	IEXPLORE.EXE
PID 112 wrote to memory of 1072	112	iexplore.exe	IEXPLORE.EXE
PID 112 wrote to memory of 1072	112	iexplore.exe	IEXPLORE.EXE
PID 112 wrote to memory of 1072	112	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\14945ecdb1296f03e78e46a7870860885a1da76981d3aca383aa5c525913732a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:112

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:112 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1072

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JR6CWASO.txt

Filesize
595B

MD5
64fabb8565d989eda1b64c89409852df

SHA1
8f33047da5f6cfd087418daaa888363abb0d70fe

SHA256
86a0d38d9e43202c4cee6de25f5c81ab027cc01aca1680245f77c3c20c31d203

SHA512
7439a91964c4af56509bbe21529612c35f3e832c16893e502110dee008eba29ff87a641b175a30595dbc0d82dc75aa43389964d3e2bd83cc1a1e2eac04887f5e

Download Submit

Analysis

Sharing