7b27cd05884d6cce18cbf59ff5f382eb0f9bd0d9b231623904259f37e8983bb9

General

Target

7b27cd05884d6cce18cbf59ff5f382eb0f9bd0d9b231623904259f37e8983bb9.html
Size

7KB
MD5

9c5aff96e48aff73bf2e1f5de285cf74
SHA1

abbb4c7443c9fc8fbd816bf49cd733d214f64934
SHA256

7b27cd05884d6cce18cbf59ff5f382eb0f9bd0d9b231623904259f37e8983bb9
SHA512

910cfa2a26a08fbcf4498a6f7982abb222b67332dbe8666bf8c308580c44c0aa48681106a20e8e77acd28d1a64b70e5831270d646b77df9b6bb1868ead228a9a
SSDEEP

192:0JSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLG:eSGabMPvLddLXuSwSTLdlLXugfo2KaG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cd62b78ee8587e4dac88ae50a840a17f000000000200000000001066000000010000200000004ce09487fd1b31eeee97c93bd960aa0b9e6292d36126a8ef42a839e251ec093e000000000e80000000020000200000003c68f54adc1abd84af36a0169ae5f27c5b2c91facae2fbc9d28893b0758429de20000000cedcdac45544b8965c50c88348f8c98eb484c95793bb21b374d6e6e4a940246d40000000de96978282d24234c7e1356d2ac6fa7b0495bd4a5a639536b94e4c3ee68d30bf75a8abed7bbd176e964353f4b74b2b116b3ef9270de132cd25e302b3f8481005	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 508cee07e4ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376045707"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cd62b78ee8587e4dac88ae50a840a17f0000000002000000000010660000000100002000000008982f2b384d3124c9478b80d456db22d1b5099df98c70a57f8b3bf8b83ddbf4000000000e8000000002000020000000c85c8107a547c2fb045fb99fdcf0f86370b55b559c40cab70aa64dcf92630f86200000005ff2672163488609566ed53acab768ba2f46a8f3acdcbeacb1bad23357867bcc400000003fc4a0e567afc7502bea0d6f7215fc228b5866a2943b7f62927b5c60c09372249e9278d1771032ad4372ae2e7773b924eaedc28cd4ffdfad8d5d70b35531102a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{20C82481-6BD7-11ED-B8D8-4EF50EB22100} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50fdf007e4ffd801	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40e078f8e3ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4060001867-1434967833-2212371794-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cd62b78ee8587e4dac88ae50a840a17f000000000200000000001066000000010000200000009b7d215af559828717592963095da463b873cc867c255e116f6977b1ccd91703000000000e80000000020000200000004b212d48b2af49f92b5783df18d1f05d140bdc90af8fd9662e824f9dc0ffed26200000005e18b4b8a95412f8f15f64db73b44e4af6af40efe80b56af32ca40c5d687721e40000000163e4bc3461cd31a44c0966af552a193f120c43e6b60e5c122586113c8318647084843d5cccd0670bbf913ba5d5f1b00715f8a6f56e7e9d3bce27c5818a3958c	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3380 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3380 iexplore.exe
3380 iexplore.exe
4308 IEXPLORE.EXE
4308 IEXPLORE.EXE
4308 IEXPLORE.EXE
4308 IEXPLORE.EXE

pid	process
3380	iexplore.exe

pid	process
3380	iexplore.exe
3380	iexplore.exe
4308	IEXPLORE.EXE
4308	IEXPLORE.EXE
4308	IEXPLORE.EXE
4308	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3380 wrote to memory of 4308	3380	iexplore.exe	IEXPLORE.EXE
PID 3380 wrote to memory of 4308	3380	iexplore.exe	IEXPLORE.EXE
PID 3380 wrote to memory of 4308	3380	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7b27cd05884d6cce18cbf59ff5f382eb0f9bd0d9b231623904259f37e8983bb9.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3380

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3380 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads