19887c2af903db46407b62a3d84a304022f51c2bdc2230280ba329a0bee01aab

General

Target

19887c2af903db46407b62a3d84a304022f51c2bdc2230280ba329a0bee01aab.html
Size

7KB
MD5

2b1f705539063738ff5e9b90590c0ce1
SHA1

4ac3f10e35b39988a2bba63144ffc9dca63155cc
SHA256

19887c2af903db46407b62a3d84a304022f51c2bdc2230280ba329a0bee01aab
SHA512

38c43da80f6432a2cd55c6bac1047329e82d9fc2c1ce53671bc4678438ef1dd8b3f26fdeb380a2d65314127c4e2d6b8ef957290dfb6d1fb9813af04667bfc455
SSDEEP

192:PJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLZ:RSGabMPvLddLXuSwSTLdlLXugfo2KaZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375965272"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05404a128ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007e145b45151e9f43b640c0595a7dc554000000000200000000001066000000010000200000003384b51419411c299674e51f24816ee9ed66de83a1e391f1313ea7926fae0f88000000000e800000000200002000000081860dd1b3b052d97a90f57895861867d7006ea891fdc9e9c9c57d467322ade6900000005cfdb96abff15b1a5b1f64a3dd3331cee8618283cf5b34b9fe0c3a74c11b6406e1378791e3ea8aa5b08244c9340a4791cce31b4bae8e38a02596a353b3ed4919451bb10044c2f1019dcbccd57c608161c427c26cc49bcc9c4ea25dcc44fecaef9535b8f773f5a04184033281df06755fe29a484679ff526b3c25cbe0d542b69a9eeeeaf47567a207729a14f273217b6b40000000bc558a88fe4a48cd8ea8b1fb300401596e45690a71d91ac61f028a188cb4029448091c769ea95d9b5c3f310ecb4162099456716e96bec98dc0f74dd908944b1b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007e145b45151e9f43b640c0595a7dc55400000000020000000000106600000001000020000000f21b2d0cb8a593c6fcc0dcccd0d12501c07861c3ad0dda8a3b4d0381e458de84000000000e8000000002000020000000e1ae043d538f4d87999c3dfb3c114da19b92c491620b97207b791ccfcf92e02d2000000069330539ab29ce95b8de8983bcb238a1d078374f587461aa3c268d543b439ea740000000428964eb65431d71a6669b23f6d7af6e5932391c9b190430c4dc463fee2165806aab07abde2e0d54eed8e42e76aa01f30fb18ef4fefc7e754c5f9b9d760a0823	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA134171-6B1B-11ED-965B-E20468906380} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

304 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

304 iexplore.exe
304 iexplore.exe
1936 IEXPLORE.EXE
1936 IEXPLORE.EXE
1936 IEXPLORE.EXE
1936 IEXPLORE.EXE

pid	process
304	iexplore.exe

pid	process
304	iexplore.exe
304	iexplore.exe
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 304 wrote to memory of 1936	304	iexplore.exe	IEXPLORE.EXE
PID 304 wrote to memory of 1936	304	iexplore.exe	IEXPLORE.EXE
PID 304 wrote to memory of 1936	304	iexplore.exe	IEXPLORE.EXE
PID 304 wrote to memory of 1936	304	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\19887c2af903db46407b62a3d84a304022f51c2bdc2230280ba329a0bee01aab.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:304

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:304 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6CAROI8G.txt

Filesize
601B

MD5
adf397b34d9f255677317798f8d8a496

SHA1
0cf8ca95ed5a43dc3572b51f16e40e9ce77e30ad

SHA256
bce781dc7d63b2fe47cb155ec5df4392ce2ae152116db7ab3d79668f00019e41

SHA512
22df8e68ddf23aaab95fd0267e8ad9d244b5e89d1e5ca251560c141a9011e8b738474eb1a6009fb70518850091cb0dc794ac3064ccdb7afae345cf23c1b9a004

Download Submit

Analysis

Sharing