hxxps://pelisflix2[.]biz

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2023 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pelisflix2.biz

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 47 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "381575842"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fa83685ded1d540852a530b073e70ef00000000020000000000106600000001000020000000decd5c6a2a92701262ad4e8e177a56129adbc337f5b50a955bea6c299d53507f000000000e8000000002000020000000d0c37d26643857121140cd31399a66acba0a58050ac3ab77b3d6c90694be45162000000012657c7397e2ad0c4f4cd2210a21c5315ffc3156fda52c4dc4d241368b400f5540000000b643aff60ed143897ff8d26e5f29d8d8fcaded7cb8d3e47858ea5aeeed3bb1eea7c5534e6fbf711941f638f1d9c68cb294ff20aac12c836b02e9219a8c99f932	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "369856708"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fa83685ded1d540852a530b073e70ef00000000020000000000106600000001000020000000b995e4f2807e20226c4cb46816893becaa54ba7cd8575cef3f09e59c923d136d000000000e8000000002000020000000c3f9a7b5fb2904385a26a1bffb0afbe5197e8b7751eb515d0603e31cdb5d7b36100100007171057ba1f2be77d054f66822d7883310e39ce03ab85b1444c66d2153aca112f188fdc9aa97d39d5de6a516c685c27525a16dab048e8f696900683b0f46aa29fc0320c9c4eba07c935d823da850d37d69ca8bd381c5a268eb3180c87abc5294fee02cc5b8bfba6ea01eda140ca6253e583d7d884be0e10e3f240ffa976fd82de58badd81fc81ccb9960fa4102a243174221cc8bdb4ace408a9f66de6d04c63fe72e01d4cb8a76471a5c71a953738e7e09bc3166737ee19ba97eb696f4f11ef66b8a416646e05a59b46ad1748bea3f0d01299573d630ef747e871d07aefe6cde1acc9ce9ccf4bafb650846016fcc27aa3b2e7cdc8a1f4ebf1ec6acbde463303f11bf3ce5ab1e681ca4d188f039df18de40000000444f0d1a6be054d52ade161a333ea26eef644819a5e45bd7bf656eb5ba5619333d3cdb5243215583994dbed697a804a09b74bd1a4a3f90d556f553aed68b7bc5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31012704"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31012704"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 007cd8386037d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31012704"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0b922296037d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f08e7b386037d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fa83685ded1d540852a530b073e70ef0000000002000000000010660000000100002000000062a1a91c65d9278e686afe395cf3bf94feece347a40ef257acff62087a9e68ab000000000e80000000020000200000007c0a33e4c1e94f85fa705e9ad4ce23da9261fa4276683e11faf3106972f1456c20000000ed03c855da73b88698474fd0b93bff1b633f91d3b6a57137827a11d95af15cd8400000004c832fe3a3689e3e89b9ef283e34b11392fe1e13ec7c54637cf144ebf157b94b7c643237d62f0e3e2df03b4f621a82b218731dc517f407c29737bffe7b9c8f91	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fa83685ded1d540852a530b073e70ef00000000020000000000106600000001000020000000d6f0664d40c88054a5484749d754e3e72d0504baf109ea81d2af4e3d0b55f77f000000000e80000000020000200000004197c392908bee7b4ce95c1b80238ccee3d393ef0ca6eca49c8345ad37bc2683100100008f7de9703c7d2427ad1e14d0ba6cc770b78dc1fb9ba8adc8af2bcd7754597df719d5d13c22c377b41c11c28c8673ab60096433e97e6d4adfedd64e48996bc8001dfd6ab97d273f0fe6a1a9358914d43b683789237f29a711b25b1e75f0cde441014a09f4028e143da64b15efac16c8dbd73a99515ea586943391e029f344e863a04e79cee570d710ea57d7f8dbdbded37a76571f94402665017717da0c1e0ce562b09a38ab512d2285bd59b74c70bcfdb4103337de157aa803f8f27aeb6af06c8e3a1067b00d1f8e95ee29af5c9294dd45f13c1e6437db84e04c889d2479971fe2cef9b9856d708571c21282a5959b817e756c082c101dfa5dba036c3147571ccef3b8dbdb67108d5a003b18e2d4369c4000000078fa4f8297d58499ef3b0296147b41bcec5278ac2d3e702da18d90c242fb3e93b3c36b7f4e4ea765c5f85536e1408c350fe1a54652afdbdf0939e81f0ddb68a0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fa83685ded1d540852a530b073e70ef00000000020000000000106600000001000020000000900ad7a6a22cdf74d550c0be38b43726d1ad501284a5d5436b97c5d0dd25d63a000000000e8000000002000020000000074a3d5ec8ba9d34d6d780b8cebadcdfda9527cb2543feb8f543e76083c3fff620000000d8e039bc69381d72d13aeb198ec8b41db6d7ca43cd65f4e7aeb5cc99b3a1dffc400000005737dc716c79b9efabe40792d7541d61b4e2e35c84839e282f31a2edf32be134169e6480a99eceb399a6682db61c17143871de8f7d185d94fc9bdca4196df9d9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fa83685ded1d540852a530b073e70ef000000000200000000001066000000010000200000007a95054ffa2d0e8c4eadd95c6adf6d27b59650b8ceefee1dd1df37867eab0096000000000e80000000020000200000001e6104508d6e0dcb18bd84332841f96c94549bce17a52082d71a8ee9e0f5696c20000000f0f60f3723535586b166242bbc533c64b031adaf0e497c97a19584d7e8479619400000007685320be65b613147a4e301d7e9fe47632620a8d6735f3d7f2d47ecf86dd138d5fbf0142ae9e467f3d5d4e8b7c6596e7db9040571eaf35fd07df17b53848caf	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a02e296037d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "369856708"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382146324"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007fa83685ded1d540852a530b073e70ef000000000200000000001066000000010000200000000e6f193c45dcfd2f9afa287eac6b4fea2a4d65dceb3e5a59ffc23d1c2bcfe3de000000000e8000000002000020000000cf5850fc52f9f536fb4dd1fbda7b007969fe796c290c793dcfae5f9926a940df10010000f308ef18394ba47d7ef016457aecb4a2116e59a20f267aaa2456eae00c3beeb55421e2140cf8df1e3488959750248bf0c39ae3506c9c6a456df1a1069a2327811263c71b654bf0dc2515c5e5c7747ffcd3a0bde5dcf8c0be23b0926d1dc4b0dd915c8099cfcb3fc0f8053d97b02e12f84a2772ba3823708f0e08072ec4bd29475184a2662b73ac566184ee73742e67b508a746ed4768f3c10a48a865c2b51502601753e7cc05a10b01d262c54f1f1f0ce34c6c491030ba309d03b2d13d4fa9be5ca219b0a117897a6a8e6a79f2fa2fb900da535c8933757b2460c36d2bba0fb54b4e03c66f0275a8c69da0b3aa215a6dd338331f438738e66a8db4e6892d5423323373fa9fc90ad6de4501bdd47aa8fb4000000090f93f1c344c4b0a070bfc0b5f00d3ded40fb57b60acb2747440f197a9ef3358539b475911b0374a5f3b4f49d283cb1a1dcc4625768f8da68d6188eeff4aa126	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4074C702-A353-11ED-B696-FA09CB65A760} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4244	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4244	iexplore.exe
4244	iexplore.exe
4056	IEXPLORE.EXE
4056	IEXPLORE.EXE
4056	IEXPLORE.EXE
4056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 4056	4244	iexplore.exe	81
PID 4244 wrote to memory of 4056	4244	iexplore.exe	81
PID 4244 wrote to memory of 4056	4244	iexplore.exe	81

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://pelisflix2.biz
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4244 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
8795643bd9448f355f1e817b1beb8f13

SHA1
fc5afcd5dc1c57ec501109cb987bec2e7b628514

SHA256
c9a53a6962ee0ada77bad358699a886e9d54243a3ae24cc182acfeaef4dba134

SHA512
4a8bc9001359c55a68bb329ef000ea7506c003ef6a98d57d769ca020758bcde63d52b03add74e39294b7b0c52abb9a07ff6ec3bd1e66f9eca0e0675b2b9cd2f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F

Filesize
7KB

MD5
2968bcd90aad32d12807327e658ee03e

SHA1
3c8f0451b90f22796b9d751cb12ab79b841d07d2

SHA256
c80150fe8977ac2587cbbdb4156835a2d3b57e87f6d40966659f785f16abd64f

SHA512
58d00c85e796bace1c47c86df71e589972583a14a4749a8195341aca7cc560a74abafd7246fb754c4c885a5a7c8509dd53c36a5a3f23f346621bbc11f08cd66e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
c031850b4022a8e186b897c7db48dd5b

SHA1
52d5836c2bda6b28bead02b25ae9f0aef573ed7b

SHA256
39f976b3e310364d531c040337b851df617fe69c5986d52f699ded4a577813b7

SHA512
95cddd726fd9ebee11305fbdc920e585e8bf88610f7c928eee7f150900b472ab22dd3f1946d11cd1147f8c39eb6519d83d49ce593c14740a4930bbcea7f9a6c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F

Filesize
232B

MD5
43d62a92c09f61ac7da3622c090ffc48

SHA1
0030d2fe9c86d66e6d14b91b6098e0546b05fdc2

SHA256
1a32ebeeb2d3f9a084a6a3a73c20487106f5c840742c52cbbae16b3c474f88a1

SHA512
d2220ea1648618513478eadeecccfbbc4719d79531b017731f1fdb7bb8119a8242bfb78be4232892c2d13b4a0dd1a9ec443c440736baaf947fb9d98a6e2b27c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat

Filesize
1KB

MD5
84db816009837bba49bf0337cc60ad2d

SHA1
3b5526ef67c1d2692eab70122f2293e165e2571c

SHA256
07d6c547f43c4d192cfc28ca41a486d4ece10dbfbf933cdf648def972c25cd88

SHA512
20655bf129f8e4ebcab22ea7478b65917826faa11b256bc1f304077c28ea416dfc46ae382f2469848aef83a7da0dd9400bfce2c488a448cab907238fccc0bddd

Download Submit