124cc8cd32e105c7acf6d40de6c8ae83bc8f1ae73819b3ec5af3ec46f13f0e82

General

Target

124cc8cd32e105c7acf6d40de6c8ae83bc8f1ae73819b3ec5af3ec46f13f0e82.html
Size

7KB
MD5

a6e9cfa1dc50aeb6c901f58f2aa99796
SHA1

7cfef1fa84cbf394d8ccb464ce4bff8be1146843
SHA256

124cc8cd32e105c7acf6d40de6c8ae83bc8f1ae73819b3ec5af3ec46f13f0e82
SHA512

e4530c69173e13956648568b65671b0edf75758a41672fd1b641f497027bac1b1c75b5e4e182dfc6c4e7b55d151c676e37a3ea3e271df8bdafe66bf79117a333
SSDEEP

192:VJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLU:3SGabMPvLddLXuSwSTLdlLXugfo2KaU

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375965280"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E02F2AF1-6B1B-11ED-8716-EAF6071D98F9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 607247b628ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea90c7d351b3f54f95e2281b275e69990000000002000000000010660000000100002000000090110ffcfd2e1da35d230bf2464df5780d8fb3e0ed34761ed2e2fa0aa4fb22ae000000000e80000000020000200000009b77daacc12ee86d71e6a7425cb2f0a5f4558f0c7f9efd345b566587bb38b81c20000000125d11c898636d91b2df22f61b0343ad676ceece9f91c480d1d6c3585ae8d82040000000ef06c823f9fe7ed408d56cd4b2e758b43b97f8834dbc5e57096d4e8a9f726b9fcbd5df8d863fea133a28be67226ad54088a7ab039846ec45c7b6864ffa326347	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea90c7d351b3f54f95e2281b275e6999000000000200000000001066000000010000200000004031fba43ace6d228da634fbf376c29816bb750c8efe5beaab1e525cb401727f000000000e800000000200002000000035d95341656a9090b5910652b857b10362afc6455c294c8f71a888da98b5ce169000000037399f5c1ecbf5b5a2409d81602bdece81013c7fe66faa20b983961cfb05e397906f0f4db85197271ff1555c6facaf542f5fb72d93683a0c3bf49b7bb06313d8c49ce57bd9a27f2ce2feb3657bc417e8a6fdad60bb451f8428600ce14a786ecf8ae0888d960ed77a6768b12f817beeb9f6e9c1b83f99872b397bd3644ac1594b5ccab98b1af0c0b65882a5091172a5f1400000004b0c7be48637ed8c430f1d138e72846a45d93a39db3e27c4139b0636c1dc78e972453874f7185b51917c08bde428707e34535e4e387f2af3472a225de0cc41c0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

536 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

536 iexplore.exe
536 iexplore.exe
1376 IEXPLORE.EXE
1376 IEXPLORE.EXE
1376 IEXPLORE.EXE
1376 IEXPLORE.EXE

pid	process
536	iexplore.exe

pid	process
536	iexplore.exe
536	iexplore.exe
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE
1376	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 536 wrote to memory of 1376	536	iexplore.exe	IEXPLORE.EXE
PID 536 wrote to memory of 1376	536	iexplore.exe	IEXPLORE.EXE
PID 536 wrote to memory of 1376	536	iexplore.exe	IEXPLORE.EXE
PID 536 wrote to memory of 1376	536	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\124cc8cd32e105c7acf6d40de6c8ae83bc8f1ae73819b3ec5af3ec46f13f0e82.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:536

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:536 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1376

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W1LLYQVF.txt

Filesize
602B

MD5
96c3506a58be68ab53ee9463baf9a45a

SHA1
a82711f85edefe4701cf1ef26cd3aead49fe2d05

SHA256
daa532e1224eae8e851b186ce3578f97b43d7c17322ec31c50608667473c6db8

SHA512
bf8a3d7e22702934dfd82ea6672b6a3a3263a5dc1bcf0deb7e4026aab762eaf2117efa2a9a5366b501ba965284d3de679692484563921999718b74e92974e820

Download Submit

Analysis

Sharing