89d88fffda9556164a351fc76948e39523545b73abd74231c7003f7de0777d14

General

Target

89d88fffda9556164a351fc76948e39523545b73abd74231c7003f7de0777d14.html
Size

221KB
MD5

0e3eae3cc563b64b9f93ffe1ad4880e4
SHA1

127f7c3fbafb97db9317e35d27e67c7510041154
SHA256

89d88fffda9556164a351fc76948e39523545b73abd74231c7003f7de0777d14
SHA512

107faf975c9088a8ced88c599a0b9f072bcd740f3d4591573d985254f2e80b34e12188276e63996ec3668d22cafd852d6cd1a42036f8e41c7e1b659d73ec4329
SSDEEP

3072:cavms9rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJm:Tz9VxLY7iAVLTBQJlm

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B5DF9720-6B26-11ED-AB9E-FE63F52BA449}.dat = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AA5EFAD3-6B26-11ED-AB9E-FE63F52BA449}.dat = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50eb549e33ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AA5EFAD1-6B26-11ED-AB9E-FE63F52BA449} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fbafda4d2839344b902c87c07ddf25a100000000020000000000106600000001000020000000146f08eca894fb3f1e757cd74b06aeae20bab42c42ffc5bdf3135abd1782b715000000000e80000000020000200000009926151903816c6f55a287e13cdf0c0b656580d510bbaf415fa8493e017a3c6490000000c5240d5bc6a068c2983e2a9127bf7466ad81961aea33639c0f690da9f6c5fb5ec8d0e3761abb70a2a2acf8a48b7266bad9d143a5ac3dce6f407d99aef0de9218095a8ef609606db491f13b040611ab7c063f951bc9bc71994908e3cd2f33f9a883c0270a8bf3d80c6c44479e3a24c6613245905ac1a46f2de352ec6a89b4d3d515f4c0ffcb5c2bbbcbd04a303dab5ef7400000004cc32d57103bd6a209b7cff53b28aefda8efb2b8e60bd9d3c7f4a3341ec33efbc600b4ac5be7e0989343163a67815115dd923b9f7754ba27de06e02b32e28e75	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fbafda4d2839344b902c87c07ddf25a1000000000200000000001066000000010000200000005b259da758938d1e877334b5babe691ca9b7e3d1e1a63da4c441196415377ea6000000000e80000000020000200000001e4a639b8129bb127ca26cc6101d2acfe2e08c7e62df63825ec1dc9c6f3ca770200000002598fb85ff9d7695238adad1199a94454f035d46a32a2cfcf79c5e537377a70d400000007e33f0488b94e6dc2cd948d51f96722bcbfe8960022d81b8645354cbb2badce98030bbc592d8127fadb53a71f2633b196c4ddd654d3892291ca70e71c97c96ce	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375969919"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1512 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1512 iexplore.exe
1512 iexplore.exe
1744 IEXPLORE.EXE
1744 IEXPLORE.EXE
1744 IEXPLORE.EXE
1744 IEXPLORE.EXE

pid	process
1512	iexplore.exe

pid	process
1512	iexplore.exe
1512	iexplore.exe
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE
1744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1512 wrote to memory of 1744	1512	iexplore.exe	IEXPLORE.EXE
PID 1512 wrote to memory of 1744	1512	iexplore.exe	IEXPLORE.EXE
PID 1512 wrote to memory of 1744	1512	iexplore.exe	IEXPLORE.EXE
PID 1512 wrote to memory of 1744	1512	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\89d88fffda9556164a351fc76948e39523545b73abd74231c7003f7de0777d14.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1512

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1512 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45313980075ad235f6cbb449d974d922

SHA1
4c0ce577ae50277e5885bdaf3cdacd984497e944

SHA256
c9f6334a1428a594847caa5f507ac109fb35db93c1b14d49f902c0ef64788e95

SHA512
8347c6fe8bcd0f4870539d54dfce61b6f349755f7121cc4b920044be588d61ff38656813cd6c74c96939094ec43b1426c8b2fc313647a2c772ee614e60c26374

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BNWHBKXM.txt

Filesize
608B

MD5
b3b011aa335608839ecb3f781980bbad

SHA1
b98d8381b9fa5abe813b36f15c9c128b6e346f9f

SHA256
6a77e52de7b456b5e4a7b7a8ee29b952f79bc7458ba2c5a22393e963df08d867

SHA512
4d388974581485efe006536a449b46fcb33062c0657c3278d4a51b14918433ed7f93b1a6e1c29612d553114f6ad191c117dea6a70315988e38e57ec67083970e

Download Submit

Analysis

Sharing