Behavioral Report

General

Target

https://multichannellogistics-my.sharepoint.com:443/:o:/g/personal/wayne_multichannellogistics_co_uk/EjAsJBZTcGlMpbnSlWgMvZoB0Stlv-xQ2K88_cwOMscvJg?e=5%3acqyvYy&at=9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings ⋅ 1 TTPs 38 IoCs

adware spyware

TTPs:

Modify Registry

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BCBBA641-9CA6-11ED-A843-F2E527DE56F1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da000000000200000000001066000000010000200000008721bce50a60e325684596f93b8c900e2eca03b1b1566583adb3456b129a972b000000000e800000000200002000000027a22d3195567d0cde0350b9779acc244c7bc8a73d6d5fa5f412b5b8f4e750b220000000f9d7755fe5470a25f8eacd7979a84746363d37e5dcf16c0792d7daa5e0e1d26a40000000afdb999afcdf9a6adcd576f7abe6eb220cfdcbe7d1bb9ce5d28e5f6c14d62a3a8d83678a37a47264f1c23b97dd07d66f87750638d6cda4c00576dd87bf1d2caf	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70625096b330d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "381412521"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000256ed27e8919d04f83812f84ee5c95da00000000020000000000106600000001000020000000971c7c1adc1a83ec8ff018caafdbb4fc950241b06588696022206f7acaae0980000000000e800000000200002000000094d7ce0cca92206764dbce6157b4caa0f4dcf32ec356f646d44ef8c2da299513900000002faa85861eee61e483b16cdff568f6b6ed0a00e63e57c24396f440438df8dd6366462abd042cd16a73a6d5cbe3f864f9a25c98f12279277e6b6f56f8e1253a47b4735b0aefd65b5836a92b29960c46cc5af3001a73a0ae8e67f7de91c7977f700ccb08d3f92946443f36f20b1998e1d0338d714a84fbcbbdf45d2ed22732e7e37403f7b6414f9f523ba9886c202cf2da4000000062434fe587ea581e97100b3a3327a256f725de948c2b19eb211d6d8e6e683794ce7cc5a689dac45ea31b2a320ecfdbf34e4536d4c937baee064be6ed32e7c6e5	iexplore.exe

Suspicious use of FindShellTrayWindow ⋅ 1 IoCs

Processes:

iexplore.exe

pid process

1648 iexplore.exe
Suspicious use of SetWindowsHookEx ⋅ 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1648 iexplore.exe
1648 iexplore.exe
1680 IEXPLORE.EXE
1680 IEXPLORE.EXE
1680 IEXPLORE.EXE
1680 IEXPLORE.EXE

pid	process
1648	iexplore.exe

pid	process
1648	iexplore.exe
1648	iexplore.exe
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE
1680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory ⋅ 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1648 wrote to memory of 1680	1648	iexplore.exe	IEXPLORE.EXE
PID 1648 wrote to memory of 1680	1648	iexplore.exe	IEXPLORE.EXE
PID 1648 wrote to memory of 1680	1648	iexplore.exe	IEXPLORE.EXE
PID 1648 wrote to memory of 1680	1648	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://multichannellogistics-my.sharepoint.com:443/:o:/g/personal/wayne_multichannellogistics_co_uk/EjAsJBZTcGlMpbnSlWgMvZoB0Stlv-xQ2K88_cwOMscvJg?e=5%3acqyvYy&at=9

Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory

PID:1648

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:275457 /prefetch:2

Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx

PID:1680

Network

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Replay Monitor

00:00 00:00

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
66bcac1d54848902293d4adef850643c

SHA1
749a4f6fd5f6f3c00e3420b126f30e8ac2d24f2d

SHA256
83a7932378a262d54d5683ca5d25a88005952938edd4f733a9c4a72aec72d51d

SHA512
0a1ac3263f66d464661321181d65c37cd72fa8e41aad762ab9aa6011c4fed0a4ac8d695eac96e9c21e512bf14492004833fc36abbce25d3ada724246188db0da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat
MD5
24ec986d8342542a560e8c0315bcb090

SHA1
71d19aa52f9cf9934fe2149fbb88a503b3333b76

SHA256
3b98b43a1efbbe8e44318889341e70677144218bfc4bb6e5f5fa1339ee5b5db7

SHA512
d5694ddeae8d9e55d5472a0408e23b85806c0acf7059737a1a5b9887e5a5d4d773e48fafd960a73d2cee0539169542808737f724e4d1358309b5488eecb23701

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J03QVSAL.txt
MD5
491a1205b96075579736d6bc7df4e576

SHA1
b76dc2acd72f9fff5baa4acd3d31e5b2cd0f92f5

SHA256
dc76aa4cc965f23438d32ed25a821d56199bd101211856ba7dc0c7e506ca643f

SHA512
4e61937533562f4b48af0ff986e402fc1408303ccd5636e1740486e66c2dbb738bcdaa343febfca1d05e79307a7c9eabdf0c5ca2983c031b0b15ff253310cc9e

Download Submit

Analysis

Sharing