08c9cc1964b93d30b7fd6f95c8b14bcc6ebfc0029ce7f61880292f761281bc71

General

Target

08c9cc1964b93d30b7fd6f95c8b14bcc6ebfc0029ce7f61880292f761281bc71.html
Size

7KB
MD5

e248eff2c3bb9964a18f798589188a51
SHA1

3f12c90f0954306f9c566a6a534b5c011d05c62a
SHA256

08c9cc1964b93d30b7fd6f95c8b14bcc6ebfc0029ce7f61880292f761281bc71
SHA512

d923e0dacb08ee65eebb5903b0b7a82af9ca4586ce883c9f132474911841551e99bd7703a4d6b0b90c835ef7de1346e40b50af8161bf4860aafb9013503e5431
SSDEEP

192:sJSG+9PzqN/PR1A8nddLXuSwSTLdlLXugfo2Ku+oLr:WSGabMPvLddLXuSwSTLdlLXugfo2Kar

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{34A9BAC1-6BD8-11ED-8803-52E8C5FCC7C7} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cc71ea323a5cd9438ac6925ab89f750e00000000020000000000106600000001000020000000c051858a42ed82dcf22ea3a288a6e0e3576aab3e7fe95f3f002ef1d216eab2f3000000000e8000000002000020000000113d50533300c228027adcae5619fbdc00201151d8743cc5f8c1d4c8367abf209000000054ac6a9ae5e61d6e59b14289bb5eeadafd62617997bfcd7ce2b3df6b93bff5183a3bc4923b981b8df25418f372676d6422cf2d756c4e64383030e04f87e81562e9154284372d8e5fb656fd895172174bcddbbb6e7859c8347aee97a6aa012d73221d6a0c0c7db9250b2e22211308a42af4fc0da4fddce5659db8e2d4e1bd96d950924e25487956f6c9fe3fc807c9944c400000009a1ab2330ed670a4d3cd4fe7046b7440bf2a58d6ef19a1bcd7a900c28a776573378fd36b2df7d0c0887f069aa87e919887648475c665297de87ecdc1824af196	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376046161"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5045320ae5ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cc71ea323a5cd9438ac6925ab89f750e000000000200000000001066000000010000200000007480d2bdb37305f777da93fde9e2b2c6caaedaaf7d9a7b2c6472818aa7d43db9000000000e80000000020000200000006fdedbea6b3df394ff5c70ef57205f183ff76ff4414cb2ec47738dbb1192f2ef20000000d30c9d0bdcccd4ce0b5eb530baf8a8f08b0b54fb9d6e20508d19c1ef4b73042e40000000beafbb97ea923c54882cf21b9f344bf2ccc6be9ae0a5a904bf5c4c36cc950d52db25eaf888c4887e192bdb91a4a66f25ab714d4aa6e95e5568dd2ba92e301900	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

812 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

812 iexplore.exe
812 iexplore.exe
952 IEXPLORE.EXE
952 IEXPLORE.EXE
952 IEXPLORE.EXE
952 IEXPLORE.EXE

pid	process
812	iexplore.exe

pid	process
812	iexplore.exe
812	iexplore.exe
952	IEXPLORE.EXE
952	IEXPLORE.EXE
952	IEXPLORE.EXE
952	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 812 wrote to memory of 952	812	iexplore.exe	IEXPLORE.EXE
PID 812 wrote to memory of 952	812	iexplore.exe	IEXPLORE.EXE
PID 812 wrote to memory of 952	812	iexplore.exe	IEXPLORE.EXE
PID 812 wrote to memory of 952	812	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\08c9cc1964b93d30b7fd6f95c8b14bcc6ebfc0029ce7f61880292f761281bc71.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:812

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:812 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2186F7JP.txt

Filesize
603B

MD5
343dce53655dad70f9e917a8d91919c5

SHA1
ee228ac89e27466255739d3f18918b55038469a9

SHA256
f61a5b072a53d8e0643965066a8ab79cd93d9062ad779ef48a21851ee7bd5b1c

SHA512
d989ebbca57b72c06ef44dce858f1177fc8e9d573193c9256f6dcfaa2f49d13b5cefd28c925c209db4cfa9bcb33ae8000983a54952d936a69b46bb22d09127fc

Download Submit

Analysis

Sharing