5e19cefcca3d3576ee674719b567ee6f438b33423b7d5f21c43df9bf72e9669a

Resubmissions

05/12/2022, 10:17

221205-mbvc3aea4t 10

05/12/2022, 10:13

221205-l9jhsadg4s 5

Analysis

max time kernel
89s
max time network
94s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
05/12/2022, 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

POC37100NLC001.html
Size

371KB
MD5

7feec814ad3b6f50786290ca677518d5
SHA1

9988d80a558f034a9f4b990cb7eda02ed3f94650
SHA256

5e19cefcca3d3576ee674719b567ee6f438b33423b7d5f21c43df9bf72e9669a
SHA512

e27b813f14e852bb02aa94d94a4b8f1ca63257d5464fb3431fad7503dd9119fc02c1a4a4a74314f9cb8e21d8695f5ad59a3d53cfe18df4b9f922c840da64c3c0
SSDEEP

6144:tl1+DD/HefegYTCMcOzSr1gOKA49iOrVntRv+B/IbJHfCEI+a6C1:tl1+DVgbMcOST349iOrVn3v+cJbI+a6W

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Modifies Internet Explorer settings 1 TTPs 53 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3323161850"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000475c2b598770fc43af87a7f8b2e17b1100000000020000000000106600000001000020000000ef0a6f82b5e0f183419947b5722c9996c38db32848548030052f3c3d02462b49000000000e8000000002000020000000d8fee350c9b37f047fd6c9888fd0d70bd3dae8a6aaa72535775e7d2df5aa89a82000000051caa72fa9114e84eebb95d476e713cbeae68d3b8c00aed49878cffee0a9b064400000003a14a8ce5e95aea9638fc7ae0a02e180d40fa390248d0763307c61742c63dd44b47821bbad60981ed193b1b18e8f344b87824cfa5ede1f4cb4b66cea47677e67	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0506dd49a08d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000730"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c01b42d79a08d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000475c2b598770fc43af87a7f8b2e17b110000000002000000000010660000000100002000000003f3614b00c3c13e295f99d0183aa41db9fd70a78f97a201d87ba8d0e418b043000000000e800000000200002000000083998a353dcf53ad8708fc82f94ac31338fe1bd6f884ce138e2c7305e2a883732000000093f4fcce2eca8a779b2eb14ee4a58dbebdf537cc1e91b9c120246e7745007a6940000000dfac302fd3286584914ee62d271bab33d61244a19cfe6273697e298c7a4b96df445107221b5663137c7ab98eb871f14c3ed32e1809d9330cec4f618fe15fd84f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31000730"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f022a2d19a08d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000475c2b598770fc43af87a7f8b2e17b11000000000200000000001066000000010000200000009fd8c359509ecc992605b9788938744e56d707772e35d81451ffb1da9f2176fc000000000e8000000002000020000000b7fcea06634b8f8c65d2d1f29f241604b50a867c21e1ec6761b2ba7dcd75f3ab200000009ba2a927e78917280a3e43e3267ee1b23ddf730a032e7aa8e57e7b77fea0b063400000002f91ac5377596d94e449ddcdb58c6550f293843e60fb2af7523070efffc0459e4f7979d36add7980d97ef233b3a83f1a9ef0440808b5b1c0534c7ffffb5fb5f3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000475c2b598770fc43af87a7f8b2e17b11000000000200000000001066000000010000200000003736feb6a5c7cd7da8719f90941df1c08010881322d50bb32f3fc7a22649fe11000000000e80000000020000200000002a580d8f2e0700505f1ba1cc93706414802dd681507d73aa4e6036b47488165620000000aab88c85beeb9d2e6f6017189f89ec6fb844e3f0386c99aac9bd504bac1fd8d3400000005cd379e6265d2f569c51ae26992f1829135a8d351ddd2415d96c50b7e6c216114eb74ba9a59acfbfc4ec9f2edde4505e793cd53dfac5a34856b6f247c8c3e2ab	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70cfcbd59a08d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "377052420"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F0E3B5FC-748D-11ED-A973-F2C43DE0E5E5} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3421442950"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3323161850"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "377020429"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000730"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2482096546-1136599444-1359412500-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "377003835"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2584	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2584	iexplore.exe
2584	iexplore.exe
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 2276	2584	iexplore.exe	66
PID 2584 wrote to memory of 2276	2584	iexplore.exe	66
PID 2584 wrote to memory of 2276	2584	iexplore.exe	66

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\POC37100NLC001.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2276

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
65f24090ffb72280bcf05c7ed340bfec

SHA1
7371a4493868cc1818a48bf7f0f3730c15ecde7f

SHA256
e8db62d610248277631a36310634399779a15c05ebbef6caaf701f71fd593826

SHA512
7bc1e220ec0e157246722928101c4b91e73739e2d319f7e6f4fc74cd229ce447cadd2b5b4d73ad00493473caa15a8f8b54cfa2c691831536e72290ea25ea72e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
24df9343a53701dcc3a037032e374678

SHA1
0a18d0f2be7b8d98903803962b5eeae55fe8db48

SHA256
011bffdff60f005204fdd26d06a4f94b81a89b9c462681fc4a56e21d7cacedbd

SHA512
0c33cfe106b4d68787b794fac2d5aa027f3d2aa63b0f015778cd6a10d5b6c824a2f9c012b79badfa8d12a971d80ab5a289a181c02aae3bd58fccb68dc892793b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\3TB1V6I0.cookie

Filesize
610B

MD5
8fac085758b2eac1aeac1839a5e32cc4

SHA1
72397f095d19adedb91e1d19cfa1454383c868d4

SHA256
40714e1c8f2cf11488ee5d2162c98fd788acfe5f7ea2631694283d859d5f59fe

SHA512
62dec67fdca4b97edc957a012aadcc9896fb2e5c3488159f9f4a87e8b421eceb036baf24d41479b87c92d6265702c26e9eb48e51a639a34accf92d335a8cda8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\IEQNULXX.cookie

Filesize
611B

MD5
ea02020ff6aeafdf13b760ca4b7e4ac9

SHA1
62353a9e6d78fabf8a11cb6eac45f9e391d5c8e8

SHA256
5772865ecd6a81d6302c62c13bdcb3a95570faca396e4d58b32014ed98b9e4b2

SHA512
228c97ca1c5471dc9893a71fbc5f8152623df41202ecab08b3b6e3bd8d2dd2150651db5e146a997a11e6d4d040f9bee13457688e79633b74ef6888525004b24a

Download Submit