7c5532bbfe46102a05bddad7f28a43470535f4a0d577db9134182b285e6a7e2d

General

Target

7C5532BBFE46102A05BDDAD7F28A43470535F4A0D577DB9134182B285E6A7E2D.html
Size

27KB
MD5

fd36888ce0598a413408d386c589900a
SHA1

f8d94ce965388908183aea4beea93cecde32b62c
SHA256

7c5532bbfe46102a05bddad7f28a43470535f4a0d577db9134182b285e6a7e2d
SHA512

c0ab8631485bedd178e2cd6442a889b55409caddee36c98c0b4345b0758620f136ffc81c3aef265b36edf8e84e763be3e8ea086d0afa5f3fa90232bc18c2014a
SSDEEP

768:seT+jdyXFvmCV/hLpL8LEVk3Rc5ZMqekWP0lpvTg00ry:d5ZMDkTB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f051838b52ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375983204"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9C2D10E1-6B45-11ED-84FB-6AB3F8C7EA51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003d3d44e1eeccd3419efea2a887a2188700000000020000000000106600000001000020000000e6ec250da739f2de77c43a194345a6b193edac7bafe2264f6d5b2f084b946c8a000000000e800000000200002000000094d5dcda72332b9248c588e06c54e4c04301583713bad2ebc3eee4f21ae1562e2000000078b903b6e63459c13a80dc85890233be90977efb5771b5cff255a9cef875f61c40000000cf10d99c910c4b8188b8715258d253fe29421f35e549cce2fe636526dc7e7eafdadcae1ac2c2195d391d0ee6c22162d9f86065523998f274f16900d042ae8fda	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003d3d44e1eeccd3419efea2a887a2188700000000020000000000106600000001000020000000286c3dc0d268beda36b397d9cd7ceb0286f69c3845d06240302a4d592e23318d000000000e8000000002000020000000b742aafa229907b168c7e2524dce6828a4e55727dadd60a96e1e159e98b60a0e90000000481ea5602641044a66517eaa034a417fc338cdbe07a46edbcd5057bd86d666b37b7fcbba877e86b48b0d71ac131e8b8c0bfe444c22135b2296af8365a22b23dea1279723a046804c43534840f7159893fca34a8dadb690a405f2d54c7f4ce080536d24002d6e0e4c86c0e55e5cd95782a5978dcbd1944881cb1daf386073b522369a74619b57e5ae074b8df24d4bebed40000000d9efea5b28e93b222eac9228deb17d57f4450e5e84a9d61dd9c9a556413083e1e14ebd2d719076a99de0da23c89181c9125dc0009b87c0360bc4d5d5a6579bdc	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1000 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1000 iexplore.exe
1000 iexplore.exe
1616 IEXPLORE.EXE
1616 IEXPLORE.EXE
1616 IEXPLORE.EXE
1616 IEXPLORE.EXE

pid	process
1000	iexplore.exe

pid	process
1000	iexplore.exe
1000	iexplore.exe
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE
1616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1000 wrote to memory of 1616	1000	iexplore.exe	IEXPLORE.EXE
PID 1000 wrote to memory of 1616	1000	iexplore.exe	IEXPLORE.EXE
PID 1000 wrote to memory of 1616	1000	iexplore.exe	IEXPLORE.EXE
PID 1000 wrote to memory of 1616	1000	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7C5532BBFE46102A05BDDAD7F28A43470535F4A0D577DB9134182B285E6A7E2D.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1000

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1000 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1616

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
3dcf580a93972319e82cafbc047d34d5

SHA1
8528d2a1363e5de77dc3b1142850e51ead0f4b6b

SHA256
40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

SHA512
98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
1e04e83d816bd7c4681d2ca80d6ef8f2

SHA1
3f8942234c585cb2e40680a5c90ab84be9d999b4

SHA256
0451acf68abadfabe694f1e0880825a84c5ce7bf2597ad8e5ec44ee2494c9999

SHA512
0db91618608b5c8c61219d60e457d49de6987500dd0dd68355530230c08c1dcc24a16d35488d5bf8d7f873ae9ef5c6ee74ca0274055d5842ac3c911f4f95026b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NZ5ICAVM.txt
Filesize
608B

MD5
907ffbccb55d6d2547658863fa72729e

SHA1
45f64fe0748470c0576985b8306c31d0f118fa05

SHA256
c06ffe9f552e7d8bb75001c68769ccc4dd41dd67b71d8f630de392edba5d39e2

SHA512
4d49b0ff5f38767a85e9beda15dba94346d76426586270b6cd74889aa01eaaec6ee1a2563394635d58868dd923fd2b69805f4b402b35c7e6513dbfb78520f8b5

Download Submit

Analysis

Sharing