92c6c07c39a158e335a7afdd501d93c4e47f34acc22722af1025990e64ebc3af

General

Target

92c6c07c39a158e335a7afdd501d93c4e47f34acc22722af1025990e64ebc3af.html
Size

13KB
MD5

ee581869786c378149b0bb1796e311ba
SHA1

688920c08d9b3345801a7e2c74f7ff1cace396b5
SHA256

92c6c07c39a158e335a7afdd501d93c4e47f34acc22722af1025990e64ebc3af
SHA512

0754b57ecd7aefd0ba587d51a535d4de4f91d7302c6149c320ffe6e9d7a3d4533c994ae21d6d42d18c7424a7ac47539e4faf38eb8bae3a74c94709982c81e1a4
SSDEEP

192:HzuooBfvJUJkTVuBey8fb14rGE3z+XEJDRUHPGJDfRk:qLvWkMU1TEkPP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4B060311-6C1D-11ED-9332-6A94EDCEDC7A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c5c39d1fcd3d0c4db5749a25040986c7000000000200000000001066000000010000200000000d51467f56415209b92c2d3aa5c7eeaf49e717c99d3b7e2887194feb823dda09000000000e8000000002000020000000d3e26a71fa4240592799ecdc989069b17f7d9eae205cfde6e3f3e3ba3005917890000000e71380e7d9bf9789632078f7bdf773c9cb63ff83c9710cbd55e1000c2dca80e2948a3db08a31a4e8f2744d8ba4b8693490e4cb48dc7204dcc8a460b5fb8f3c968d992dcb305510e11e790a47aff4c4bc451f4712203847845c5bfcb78832a6e8a76d0541c05ac5a912430a250a976a24d1797601caee7f35e8f6887000ccc8f518f5d3ff238ed3a1e00ea1b29ffe611940000000257555012da12d30e832881337dfa8001527acc8ad68de720b6de4cf04bb696f95007010fbaac27fdb04f1ad3965726ed5cfb6962b5cda1a81d847c020804ac1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376075842"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c5c39d1fcd3d0c4db5749a25040986c7000000000200000000001066000000010000200000001b52bb0a050b6ff6acfdd9cb1a83a21e8018b94b75473897fd2c0b9acbb100a6000000000e8000000002000020000000c141df3ba73250a82754cc17f606809a41aecbfec3d6cf4eeb32d7b44f9f7e1e20000000d216c981201db718105f261ca632dff0a8a0ce8e40edab90b365b687c874957f40000000e3810f2e3a490cd9937a61b4e906b634a8767e7e000db93bdb15458549d875ce0a9bdb7ca3607b3eb6236d2d8245b11c808c3c1de4994b67b81b03484806f475	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e078e9352a00d901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2036 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2036 iexplore.exe
2036 iexplore.exe
1968 IEXPLORE.EXE
1968 IEXPLORE.EXE
1968 IEXPLORE.EXE
1968 IEXPLORE.EXE

pid	process
2036	iexplore.exe

pid	process
2036	iexplore.exe
2036	iexplore.exe
1968	IEXPLORE.EXE
1968	IEXPLORE.EXE
1968	IEXPLORE.EXE
1968	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2036 wrote to memory of 1968	2036	iexplore.exe	IEXPLORE.EXE
PID 2036 wrote to memory of 1968	2036	iexplore.exe	IEXPLORE.EXE
PID 2036 wrote to memory of 1968	2036	iexplore.exe	IEXPLORE.EXE
PID 2036 wrote to memory of 1968	2036	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92c6c07c39a158e335a7afdd501d93c4e47f34acc22722af1025990e64ebc3af.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KN3GI2OK.txt

Filesize
601B

MD5
b14dac3c1c6cbd41c294f2c10ddafd8e

SHA1
89f2b6ed59ac080203ad0640cfcc714189844fb1

SHA256
d8b75ba79322fee9cb70dacd1434eda647318203618b1591646b2c214b689d51

SHA512
34edeb8ef5ea931f9a73855736ccec0172c8e5afe760c3bfe6e075977ffb5de0f2655152a29d97260a677483d367b72772e0265b4bd451558a86cf4d2054deec

Download Submit

Analysis

Sharing