ebe2392e25b4c3d4a0990032094fd193cce39f17b571680f04dcead42829bc6c

General

Target

ebe2392e25b4c3d4a0990032094fd193cce39f17b571680f04dcead42829bc6c.bin.html
Size

57KB
MD5

78b7157812e786cc63eb362fa539271e
SHA1

bdb50db33ba6da8f4c40a4969712daa8f300e39c
SHA256

ebe2392e25b4c3d4a0990032094fd193cce39f17b571680f04dcead42829bc6c
SHA512

8c1be15e659247bba241a8ce69c433cee921746a540c7d645d9f076932261156a1681bc7126621be91c1e40374f292eb2bde4702954e7c925b68e818a10f5ccd
SSDEEP

1536:TvrvXmXuOfgA5nGSIbRkk9cjM7VMIjkk9COG:TvrvX2GSIbRkk9cjM7VMIjkk9COG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 40 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60b0d0caf019d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abeadb79f53a214a8e6a95effd3d9fbb00000000020000000000106600000001000020000000655325cab544a89f461d4906aa333dfa902e85af4a7bd5f26ddc050336b5d24f000000000e8000000002000020000000918a0c331a28233fb239fdfdcc6fc085dac54a182977c847569d41c9612a11e490000000c4867539d6e1b0f5a05140292f6410c81f312f192fe6dc181633a34c745ab8a4bedcd2bfabfb6111ccb81266b8963e4e8fd58d8b903fbf3790bb2ec1a8d2e3cc0f83d8b3dfbc7ef05b3bdb774e1ba625cafe13e905bb91717d4396ed6a5108b662919c7326b820d47a3c773e26b11bc4a8b159b0791782a2937c104a00a28bd21ed1b4800940ce747a76cda403a80e7a40000000c25beb9a0ab4983bed032f55f49c9d419841d6d0e6e78035b0398882bcf85ca06e799542824bba3628bbacb1097a5696ce9b06cce9fb9e504abd325fbae503fa	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EF42DB81-85E3-11ED-8FA0-42A98B637845} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abeadb79f53a214a8e6a95effd3d9fbb00000000020000000000106600000001000020000000ed58867df52e8ef2987469ae47b2c473270cebafaa5be013adf509dbca21ee02000000000e80000000020000200000008e2d6ad7a4ada9d3aae33c1ffd3adc0349f4c197411b60935da840f5d694d5af20000000a5bbee90a83329db8a89947477f725322c0f2fc900ff222e527f4d0e380ffb67400000001a1ab050c2ef319ca81d5e88760dd0fa7a8a7b946a3a0e8257c3985090cffe72665438d62f59a8fd8cec6d1542bd24b3370098cfbe9b78e578ae2326d364a100	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "378909930"	iexplore.exe

Modifies registry class 6 IoCs

Processes:

IEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WINWORD.EXE	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithList\WINWORD.EXE	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithList	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_Classes\Local Settings	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1044 iexplore.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid	process
1044	iexplore.exe
1044	iexplore.exe
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1044 wrote to memory of 1960	1044	iexplore.exe	IEXPLORE.EXE
PID 1044 wrote to memory of 1960	1044	iexplore.exe	IEXPLORE.EXE
PID 1044 wrote to memory of 1960	1044	iexplore.exe	IEXPLORE.EXE
PID 1044 wrote to memory of 1960	1044	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ebe2392e25b4c3d4a0990032094fd193cce39f17b571680f04dcead42829bc6c.bin.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
7f8c0fbdfe0ae6b73e95ea09754599bb

SHA1
7828e00a4f9021a0b3c46be0b8a26ad31f4d440c

SHA256
71c20e5a69dace78cab07dcc463ea8c80cb785de3980c3648b8c064f29bc9672

SHA512
6b694144d15384a5c71e86f81715a363d1c4a84492fe4ba190dc2f202d37e2b37331dfc4a8be6efd9bc70f8c398e9b96b3b1216b489557b0433f76498d8432ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0HDW6LVX.txt

Filesize
601B

MD5
9d1d9a8e9a22ed702ccaca46f0a6d183

SHA1
209e2773452ed607c79c6a622f4b2bc87eaa6607

SHA256
7ecabbab80021d7b12c8d6536ece1d7d5210c04be54eaf4910e9a891d713a267

SHA512
26314ae0dd36fd98e1a9e2363ef0b54b1c2f7055f246308749409c71525f28a0423a109946c5114e2ad2a64d824e433917da4dc803bbc440078b9440813a643b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads