hxxps://qualitycontrol[.]lexxxxx[.]repl[.]co/ | Triage

Analysis

max time kernel
1165s
max time network
1167s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
03/03/2023, 16:47

Sharing

Report Analysis Logs

General

Target

https://qualitycontrol.lexxxxx.repl.co/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 64 IoCs

Modify Registry

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1205994943"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f7f24cf84dd901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "384630618"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 501315ebfa4dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000c15365255450e09249ae4db33b748e58136144ec5bafa3221d95e527f26d7491000000000e8000000002000020000000decc0f0142c5b1ac32f11140b9d54962f7afca2e7250af95d7f54730c8eaf6712000000053c970c4567a6e6bd6d4ad323726263b1cb18385b7b1da112684ba7abcb66c80400000002bb742b90dddb1d1d6ce5e85a481ab945587520400abaa1ceb5899ce600ee58b5ed932b9519d2aeabf042e99843ee3540096eccc8fe02eb65412f5edc48c58ed	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0741623f94dd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80042d4af94dd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907a3d95f94dd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02316c7fa4dd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000315b53f99bf2bb4fb7ae2a0753fba98f7e98a656e3e1e6ec50381362bf9040cf000000000e8000000002000020000000f046eb154e0c890bb8a70e29af4800f0357a302f5f7d230cd0a9f02214e70b13e000000086a331bea1ada4dec4a83bc6890919e3d18025c424c637a17e172c180c3660181a6cf09e021ae146aec5a3107e19f992c3d0aba9c5ac39e55150e70b849863f7e500bfedc413348e06e798e629320483898936fe92f78ee0236ad8bdcf45d87360ab02339a18073bf779e2f1cf3bbc0e922b26002071ebcfc09ae2b31daef8c693d80168d674be2a230393e6eb093d2119437f0a7354ac4b90fc4fecd1361d1af1a2f16c486e02ac80032ff2624429c2d02943c2d57d0ee967642fbbe3cbce6e4fe73635dfc6c097e8bc7926b9733351c653241307213c1e83c4975aa7f89d1440000000271e56ab711630212bf3d3f1302cb18403e927b983712a3745ad7e88274271c584523d963d1611b32bbd442cbb1a8e2bfda31b016c6ff5ea9bfb6ea83750fb44	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a06dfc4cf84dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31018488"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000cdd66448c2cfbcfdd9b9da1ab061d322440a9b2282f77408cf37771d49ffd51b000000000e8000000002000020000000ea00ffd9037f948e8da19bb83702c3d4837f5423df99c45aaedb9ea6360f5931200000006bb9470182836c1d090bc7d35c77f65536773aad83dfa6926e51f6436b7b859340000000bd6ebc78cc7bba8b55dc132a6c31e243cf2a0ce9f4d69d38e0137ab5a88df407befb8baee28e34a81e5f7967ceb5aeed61dda6fcdbf57caeb8541b3e2fd76c93	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0132bfcf84dd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50c6272bfa4dd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 504c0879fa4dd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b0000000002000000000010660000000100002000000056f4d4a930a526bf257587f5395c6eb17e13c289a553fda5afdfca8ac91ea5ea000000000e800000000200002000000071b16a8f186ce529b23426f39d927f5aff28ad7ea2276bc1cd51ba9d980d5f5f2000000071e22924ede1bcbf0725ccedccd3773703108c19b2f9c44727b95b105392010b400000000a0241c2fe26eef800e1e0f5eb06d9b7e83413e094084fd345567d8fcf83f17fd07b70776ff7b7919df12be26dada1a2a5b3d04a678ae7789b3ed07a9828cc43	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04828d7f84dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000f42cd87a55dc1b89d993535c105b047d89f226b92a820e00c81115bbd2022bc8000000000e8000000002000020000000864705150ea521887e895e27af64e6985ae881a8ad35c3cea312b5d7bb1c063020000000e5402288bcef19698922635cf3e40e3eb162f5edf1a84fb2b8811f5d3338cd4540000000c1f753b7f631a8634c5a29d8666c9d1d424dfd5d6214dc1dff57c63b4800a7822e6933f5c410e3c11d51f86dc75b6804d6d1c224502d65b0720edcccd1c08995	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000dbcb0bab977bde99cb47e427dc2e0e3bda3585ee7e172a910957ebfed09a08da000000000e800000000200002000000089422079154454f03c912a76b6edbc601a7c203e7c8b2fb56bae05f2ba0a678d20000000a9ad91411bd556fd727aaadbf0b52b25cdff49947cd2aae7e696c4f30a958aa8400000006ece54dafc926eeefd88844c9ca5b4e99de8d77c39b7dc5c8ac93694a9d239051e40a81d4543ad4f0b25102318e77e90e0a34d131cc46ec6720f9c1bfa83b314	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000e66450426aac152aca51ecfe7a6ee46b5062899ca6e6ea8b18de8be1c9c5015f000000000e80000000020000200000009247fbb1c0da26a8437d42b839358775becf4950f7f67bac99f3a4e1c64f6bb0200000005226ed6a70c03e801587f411904c5c7b819e6ed26fe9ce640eb96bdb9c38a48c40000000fd90c855aeb7ef57614ff810636b089f8d067d8b365be62955bd9ce9fca98186a7029a5e1721a534f509a6c87e078028374eb9fb2b3bb56b43e485e096af385c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000296c5c15d162942cec31c4910c2cf23279fd3ad92450c6be8318cbf0bc492cfb000000000e80000000020000200000008c1cf8f451ea2151691a69fa51767a8dcf02e389be858a76b49143da45ee911c200000000564cadfdbda064fe11391ef110a70addf363260317df93c9709169587b8112d40000000754bf4a255b5c730a7828281eac5d89f9ef41c693ab84fab527193702ae1783df0dc9615c250b1ccdc31917a47d2a91c7f455e0ec263c87dddfd520d64ed2b12	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d621bcf94dd901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70220c52fa4dd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b0000000002000000000010660000000100002000000058a9f184ca967e070b97c05433bbe71096797b0a2a895d310e0255b214ddeb65000000000e8000000002000020000000fbc62442ae00ae9a4f25b0fc55a4d88ffe2508c8e9ea01e3f8f9c16cb418f2a7200000005dbd3e9bec42512827903b60b83d0908f1928ed33918add6a039a86abe8c79ec400000002d5146f49b4da2832657b928e2fc971850567701bf95e4d2c9ec5f9c20804d8e61721f859cf38a5bc223f86192546b172a8cc4dafd40e59daafb0a7273b08113	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0c03cb0f84dd901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d04e3de0f94dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30ab10a0fa4dd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b0000000002000000000010660000000100002000000071b16a0616cd67a11907a3bad058e0a1b1e24c62c0204922e94c59e68f14372f000000000e8000000002000020000000253cf5ee71a994baea6962f9923a606fba1b7512747fa0fc7a7c2b01a112fa9520000000c04ee57d27c642f64499cbfcaccaccaed3972a7e3174b7fb942d2fbbc95927b8400000003bc8ec339e553a2bf1ac680412326894da70353a61f4e848c4c9b6a21bcabc0cb14cfe0cff65f5594f898c86430884007789fb509a9223f79f7db0d48c945850	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b000000000200000000001066000000010000200000005cc971e168ee617b6d7a28a5a5f895d16099c577790218aa734bfa65fb51868b000000000e8000000002000020000000db643df3479c9c5c86f0408bd8d5e287eff76382636505c9c11831a86b1a71c920000000a8a7bb63411a59525b35657c37516acb5867f2d23fd97fd695583d64ed5601c8400000000a6ea5d2abb8f0f0131898cccc79e6e4151b94c5d993a2df12d9c4c3132eea32141ebd0391ef0ae6d774727c5cdb453be945ccec86bea870370f465c3d0246c3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000cb40c3e13df757d7151ff8e6421e54061faf06bdc72cd0935217f1092b71f932000000000e8000000002000020000000f4fc97500287706cf8c19461cbce03259cb14babd60a67d07fa7b5e546bb98f5e00000004e36eefc7d53aef9ad262f4f86e7cbe658d06f0c8c3c42a5ac92f74afca445d73f41a52ce20ddd4c1e0be66d4cafb614d387d87edab34bab887f5f696f36f13324a6296e0af36062c4fad1b8a404761307f1c747bb3cd74e903863ee246325706e1af52743d98418eeb2a682b82814e8f0502f732d8924d2be149524248198478430af18af7edbcaaf2d9c5354941c22fbc341c830c5b6adadb1a537cf49cc46fe8a94f82837f90f936eea17d08c2c0ae3a2f711e27c4b8d2c8f9a09a32b0adfe4500f57c6685ab430faadf38d96b929ab5ad35ce6f84a0972ef2a7cc55ce89a400000006f2e367b6f783d6d186f5f9e2abca7c7ffef586a6534096b24469fb890275fc0165be7d5e357d9c3e1945e10ebde9c5ed79d5e13dce0bf657d068aaeffa726ad	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1229746602"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31018488"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000159501907ffeeed1455e5603793b48d1d56677f413a2fc95d6dc0f722a033fe0000000000e800000000200002000000037dc831357705991073cd22d8ac5d43ee14653a049cf2ca41604e58494ab2ac220000000fee42bd8d747fc0596a34f65a8317515b2babffa18d779bc3872009509c21a0040000000b5e789187805a3c538d59271ac7405023e05d0626287e32deb414da6f72f3a20debd64890f86080e8839fc1f357179bc95f5684f39f24581153e8090ec1fbe0a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{72F8AA55-B9EB-11ED-8227-6E4EC519A222} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b000000000200000000001066000000010000200000001d10fa26bfb80e8fa79be3f2f9d6e249173f203d7b70f6da50ff21a7524d38c8000000000e80000000020000200000006f383778d59a120e1b65c3df229f569766c8801c5965f300adc41f65f2999d5f200000001ce162f21042c2aa3990b4d8228c0c89e0380cfb9ecea571147defa19198d87f40000000ab37106e30cf6013cbe1d2663ff499daa9c8aa9ccb1557cec010a7ed00e9da9c104926d486838ab360a1a7c6a33315cb12b1ea80dcf797d8638a4878595587c7	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70911f71f94dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1205994943"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0472b07fa4dd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b0000000002000000000010660000000100002000000043a22f885ded29d299d16ef28f01e232517c0a4a417cf5b56a060c001756b595000000000e8000000002000020000000d51bf9404f56b412101c46fcaa3b1cd58bdc930b0cbd4fe88bfce6dc562831a1200000007f660fc3f6c832e6f1d41f0ce9c4675cff5d787cff897892b5966964d8a4d75740000000a1a890689d2267edb4253ecf5d5ce4174c42d75652f9fcdad78b59879189c97d4fa02e884727f74e9a6fded3aac58743cc0b1967ddfeb5ca6c57b2844c80740c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
700	IEXPLORE.EXE
700	IEXPLORE.EXE
700	IEXPLORE.EXE
700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 700	2352	iexplore.exe	86
PID 2352 wrote to memory of 700	2352	iexplore.exe	86
PID 2352 wrote to memory of 700	2352	iexplore.exe	86

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://qualitycontrol.lexxxxx.repl.co/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\zYXgKVElMYYaJe8bpLHnCwDKhdHeEw[1].woff

Filesize
22KB

MD5
0d0995a66331b615cc2b945e44446983

SHA1
e7d1609e02fe013879caf8b3496794c49b24ebaa

SHA256
96dcd92202bcdb4ba757d48f7cec0d4a1682e3dff3b60d6403992d90d4b0e0b2

SHA512
12ebb31a3879c740b33652084ff2af36d18d198353a27dcce115f84920dd3ff61fd904dd40e4faf66e3695f97d63e76ebd95f1848ac997b46767318d04ebffaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\css[1].css

Filesize
197B

MD5
e24c7f033b4f63322ca50088222dee99

SHA1
1ff1a8e5907a2a890fd9a099c7dcbb3b0411bd87

SHA256
674cec04987457836428a0a851e951f71d512c5c9f4c7b0f38bcdf42097c1f67

SHA512
4d052d1b98e2afe9f7af69fdcef5a8010b82c5d7e2ebdd7d7763e9c36dacaf4650032e1116904c837b00fea8f6381706113e4f61d88f1c1d76b2da090f2cf629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit