0cbdb294b2aa00531ec4d25ba891c5492279d466b939c6b4f6e02f356f3532c5

General

Target

0cbdb294b2aa00531ec4d25ba891c5492279d466b939c6b4f6e02f356f3532c5.html
Size

7KB
MD5

da20dd6326225ece93d18c848ccef21f
SHA1

00f89588923d28490c7106aee0de838eaa22c61c
SHA256

0cbdb294b2aa00531ec4d25ba891c5492279d466b939c6b4f6e02f356f3532c5
SHA512

38b18311d00a9f23624da92bced8edaeacc1efce284bd1d95749933357105a0663732c0da2f7fc8632864b81b008b666aabf83809a672d4f3ca74a48da62a831
SSDEEP

192:eJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLfvA:YSGabMPvLddLXuSwSTLdlLXugfo2KafI

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a08bfa7520ffd801	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048ca5449a4d21846ba8a995ea0abd35a00000000020000000000106600000001000020000000dfc39216eb742eb5cd6928a023cdb2112a2a927eff56c4614b455bfec08585b6000000000e80000000020000200000007b79ec88c8ce754b4e766a56c07c5e5742d4c5858db50f092c414d29a8822fa190000000efe31bf8193eb332c51c78835a4ca6d591010e21e39e5cc1fe47a2d3275e32f5ee4b83341512c7f1779d57c21706c1dddc49753a65db8fa6dfbfb58ea24d1a8fc84ec4ef2756e1d9b1d896cf90108a34b9497d233c6609744e9923a0fc543906eae8cfd745a0dc2e58a1eeeb6099544b9ef9f728aeff483009ddae84beb4551729600b98d3d1b2ae192c0a037f595522400000001519679784a0d7235b0bd0bfc84f15b536aac45eaedd2e94403bf7481fc4748e54824c03daa380bf0f37e3b23c0ab0205a1e4a7c220e9bc5be10f34666b0544e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375961731"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9FD042D1-6B13-11ED-A920-7ADB5DB493F4} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048ca5449a4d21846ba8a995ea0abd35a00000000020000000000106600000001000020000000d6f8ec5d37d7429568c228e07b6b45b96c8ff8c874ed9209f74bc97d0c411da7000000000e8000000002000020000000fcea14cf8feb91da080cba54aaaddd0ec63b2dbfccd85747716d06d72f316a8a20000000b57fb1f0ee6bac9c4d2f65c3731c73f18bcfcab1329ece82746d122ed2781a54400000001712f97990adbc8643d1dccb50e820804e852d97207f8d4fe8f2de9fb0b16268aff197a32c9498028e51f01f5400e73d9d3f1fbbcc35b8c4505bb6c55bf92c32	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1064 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1064 iexplore.exe
1064 iexplore.exe
460 IEXPLORE.EXE
460 IEXPLORE.EXE
460 IEXPLORE.EXE
460 IEXPLORE.EXE

pid	process
1064	iexplore.exe

pid	process
1064	iexplore.exe
1064	iexplore.exe
460	IEXPLORE.EXE
460	IEXPLORE.EXE
460	IEXPLORE.EXE
460	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1064 wrote to memory of 460	1064	iexplore.exe	IEXPLORE.EXE
PID 1064 wrote to memory of 460	1064	iexplore.exe	IEXPLORE.EXE
PID 1064 wrote to memory of 460	1064	iexplore.exe	IEXPLORE.EXE
PID 1064 wrote to memory of 460	1064	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0cbdb294b2aa00531ec4d25ba891c5492279d466b939c6b4f6e02f356f3532c5.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1064

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1064 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:460

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JGEUGN9B.txt

Filesize
603B

MD5
075a248fc650c36bc3d07465423bbf76

SHA1
8b4142af980a211dacd25fe8c8fc48f5a30779ff

SHA256
be696dc1859a5fa816b982fddfe2201b4088328097dc7471b1da6c6d059f7ed4

SHA512
93de622f09d3d3ce6d4ad452799a74841390262663e2d666248d6bfafd28d7227bf3d2f26717dd899648fd4104c918f6f51252c66f63055c04b93afc63285767

Download Submit

Analysis

Sharing