Analysis

max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-03-2023 10:09

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://jrsp-cmpzourl.maillist-manage.com/click/1c311a0864fa39e/1c311a086414c25
  Resource: win10v2004-20230220-en

General
Target: https://jrsp-cmpzourl.maillist-manage.com/click/1c311a0864fa39e/1c311a086414c25

The target is a /click/ tracking link on maillist-manage.com, i.e. a redirector rather than the page itself. The origin the browser actually rendered is only visible indirectly, through the registry and cache artefacts recorded below.

Malware Config

Signatures

Detected phishing page
Modifies Internet Explorer settings 43 IoCs
Processes: iexplore.exe, IEXPLORE.EXE

All keys are under the analysis user's hive \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000, abbreviated HKU\<SID> below. Each entry is: operation, key [= value], process.

- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
- Key created: HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\DOMStorage (IEXPLORE.EXE)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3717967807" (iexplore.exe)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ (iexplore.exe)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\DOMStorage\manageengine.com (IEXPLORE.EXE)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\manageengine.com\NumberOfSubdomains = "1" (IEXPLORE.EXE)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" (iexplore.exe)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31022254" (IEXPLORE.EXE)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\Main\WindowsSearch (IEXPLORE.EXE)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\IESettingSync (IEXPLORE.EXE)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31022254" (iexplore.exe)
- Set value (data): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca1302000000000200000000001066000000010000200000000b88a3c821f67068643f9d1a0936b5eb5e2bc19349f0aa2343bc7b1544ebd281000000000e80000000020000200000001f95161282506dc6cc8b10f891244e775ef2ec6a78c41d34825c9cb37870057220000000b97f012e6225fd432fd965a90ee20aa58af9a530855d90b20ff6a69ac2f5d37840000000e02ae1ca1a4257ea7e439fff821cbd578a9d8c6f60a0c4352c82d03b7fbd59e8bd8f771c884d4907fbbd4baab5e37184b391ea136c9f5e98a59bc86bf17654fa (iexplore.exe)
- Key created: HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{088BD530-C8A2-11ED-BDA1-6A8031F758F8} = "0" (iexplore.exe)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
- Set value (str): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (IEXPLORE.EXE)
- Set value (data): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0d08fe6ae5cd901 (iexplore.exe)
- Key created: HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ (iexplore.exe)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "386248357" (iexplore.exe)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31022254" (iexplore.exe)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3717967807" (iexplore.exe)
- Key created: HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage (iexplore.exe)
- Set value (str): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Set value (data): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\VersionManager (iexplore.exe)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\TabbedBrowsing (iexplore.exe)
- Set value (data): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b02da5e6ae5cd901 (iexplore.exe)
- Key created: HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\manageengine.com (IEXPLORE.EXE)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\VersionManager (IEXPLORE.EXE)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" (iexplore.exe)
- Set value (str): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" (iexplore.exe)
- Set value (data): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000eb827cf93ddd146af8365c0e3ca130200000000020000000000106600000001000020000000e2b83a4f64df9a5de450943c29e3566f86fe412475ea951e5171db0237084c3f000000000e80000000020000200000003f8edfadf1ff6cc3c2f44879eaeda16e0dea0565b0210f16874ac297e130e97020000000b7158278d8a64521a77c684669f12a28796ec61475a808d4982740f9e6b4f0a440000000e2bf7aa79a549ef065dff2440cd7ec5b3630ae033212950374197bbae89f675e82be0597b07b6c501f799ccb600fb97eeefa9fa5d9e65239688eed6f5a52d3f7 (iexplore.exe)
- Key created: HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames (iexplore.exe)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
- Set value (str): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" (IEXPLORE.EXE)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" (iexplore.exe)
- Set value (int): HKU\<SID>\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3770244691" (IEXPLORE.EXE)
- Key created: HKU\<SID>\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)

Reading the list: the only entries that say anything about the sample are the DOMStorage\manageengine.com keys, which the tab process creates when a page on a manageengine.com host uses DOM storage; that is where the /click/ redirect landed. The two DecayDateQueue values start with 01000000d08c9ddf0115d1118c7a00c04fc297eb (DPAPI blob version 1 followed by the DPAPI provider GUID), so they are DPAPI-protected new-tab-page state that IE writes on its own, not attacker data. The VersionManager, DomainSuggestion, Recovery and TabbedBrowsing entries are routine first-run IE state; the sandbox lists every change, which is why the signature fires on a plain browser start. The *HighDateTime/*LowDateTime pairs and the 8-byte LastProcessed values are FILETIMEs and can be decoded to line the run up against the submission time.
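The flattened registry list above is how the report hands the data over. As an added example (not part of the sandbox report), the following Python splits it back into records, extracts the DOMStorage origins, and decodes the FILETIME values (the 8-byte LastProcessed REG_BINARY values and the VersionManager High/Low DWORD pairs) into UTC timestamps. SAMPLE is a constructed subset of the page's own records, including the "description ioc process" header residue; the helper names are illustrative rather than any sandbox API.

```python
"""Parse flattened 'Modifies Internet Explorer settings' IoC records from a
sandbox report into structured events and decode the FILETIME values in them.

Added example, not part of the sandbox report. SAMPLE is a constructed subset
of the page's own records; helper names are illustrative."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# One record as the report renders it: "<op> <key>[ = <value>] <process>"
RECORD = re.compile(
    r"(?P<op>Key created|Set value \((?P<vtype>int|str|data)\)) "
    r"(?P<key>\\REGISTRY\\.+?)"                # key path; may contain spaces
    r'(?: = (?P<value>"[^"]*"|\S+))?'          # quoted int/str, or raw hex data
    r" (?P<proc>iexplore\.exe|IEXPLORE\.EXE)(?=\s|$)"
)
# DPAPI blob header: version 1 + provider GUID {df9d8cd0-1501-11d1-8c7a-00c04fc297eb}
DPAPI_MAGIC = "01000000d08c9ddf0115d1118c7a00c04fc297eb"
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


@dataclass
class RegistryEvent:
    op: str                # "Key created" or "Set value (...)"
    vtype: Optional[str]   # int / str / data for Set value, else None
    key: str
    value: Optional[str]   # quotes stripped; hex data kept as-is
    process: str


def parse_registry_events(text: str) -> List[RegistryEvent]:
    """finditer skips the 'description ioc process' header residue by itself."""
    events = []
    for m in RECORD.finditer(text):
        value = m.group("value")
        events.append(RegistryEvent(m.group("op"), m.group("vtype"), m.group("key"),
                                    None if value is None else value.strip('"'),
                                    m.group("proc")))
    return events


def domstorage_origins(events: List[RegistryEvent]) -> List[str]:
    """Hosts with a DOMStorage subkey: origins whose pages actually ran in the tab."""
    return sorted({m.group(1) for e in events
                   for m in [re.search(r"\\DOMStorage\\([^\\]+)", e.key)] if m})


def filetime_to_datetime(ft: int) -> datetime:
    return EPOCH_1601 + timedelta(microseconds=ft // 10)  # FILETIME is in 100 ns units


def filetime_from_le_hex(hex_le: str) -> int:
    return int.from_bytes(bytes.fromhex(hex_le), "little")  # REG_BINARY is little-endian


def is_dpapi_blob(hex_value: str) -> bool:
    return hex_value.lower().startswith(DPAPI_MAGIC)


def resolve_filetimes(events: List[RegistryEvent]) -> Dict[Tuple[str, str], datetime]:
    """8-byte REG_BINARY values and <Base>HighDateTime/<Base>LowDateTime pairs -> UTC."""
    out: Dict[Tuple[str, str], datetime] = {}
    halves: Dict[Tuple[str, str, str], Dict[str, int]] = {}
    for e in events:
        parent, _, name = e.key.rpartition("\\")
        if e.vtype == "data" and e.value and len(e.value) == 16:
            out[(e.key, e.process)] = filetime_to_datetime(filetime_from_le_hex(e.value))
        elif e.vtype == "int" and name.endswith("HighDateTime"):
            halves.setdefault((parent, name[:-12], e.process), {})["high"] = int(e.value)
        elif e.vtype == "int" and name.endswith("LowDateTime"):
            halves.setdefault((parent, name[:-11], e.process), {})["low"] = int(e.value)
    for (parent, base, proc), dw in halves.items():
        if "high" in dw and "low" in dw:   # only pairs that were both recorded
            ft = (dw["high"] << 32) | dw["low"]
            out[(parent + "\\" + base + "DateTime", proc)] = filetime_to_datetime(ft)
    return out


HIVE = r"\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000"
IE = r"\Microsoft\Internet Explorer"
# Constructed sample: the header residue plus eight records copied from the report.
SAMPLE = " ".join([
    "iexplore.exeIEXPLORE.EXEdescription ioc process",
    rf"Key created {HIVE}\Software{IE}\Main\WindowsSearch iexplore.exe",
    rf"Key created {HIVE}\SOFTWARE{IE}\DOMStorage\manageengine.com IEXPLORE.EXE",
    rf'Set value (int) {HIVE}\SOFTWARE{IE}\DOMStorage\manageengine.com\NumberOfSubdomains = "1" IEXPLORE.EXE',
    rf'Set value (str) {HIVE}\SOFTWARE{IE}\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE',
    rf"Set value (data) {HIVE}\SOFTWARE{IE}\TabbedBrowsing\NewTabPage\LastProcessed = f0d08fe6ae5cd901 iexplore.exe",
    rf'Set value (int) {HIVE}\SOFTWARE{IE}\VersionManager\LastUpdateHighDateTime = "31022254" iexplore.exe',
    rf'Set value (int) {HIVE}\SOFTWARE{IE}\VersionManager\LastUpdateLowDateTime = "3717967807" iexplore.exe',
    rf"Key created {HIVE}\Software{IE}\DomainSuggestion\FileNames\ iexplore.exe",
])

if __name__ == "__main__":
    evs = parse_registry_events(SAMPLE)
    print(len(evs), "events; DOMStorage origins:", domstorage_origins(evs))
    for (key, proc), when in resolve_filetimes(evs).items():
        print(proc, key.rsplit("\\", 1)[1], when.isoformat())
```

On the constructed sample this yields eight events, the single origin manageengine.com, and two timestamps on 2023-03-22 (the submission date on the page) about fifteen seconds apart. The FILETIME decoding is the check worth keeping: the high DWORD 31022254 (0x01d95cae) in the VersionManager values is the same high half as the LastProcessed binary value, which is how you confirm these are timestamps rather than opaque data.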
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: pid 4104 iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
Processes: pid 4104 iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
Processes: pid 4104 iexplore.exe (2 hits), pid 1568 IEXPLORE.EXE (4 hits)

Suspicious use of WriteProcessMemory 3 IoCs
Processes: PID 4104 iexplore.exe wrote to memory of PID 1568 IEXPLORE.EXE (3 times)

Note: 4104 is the Internet Explorer frame process and 1568 is the tab (content) process it spawned; the tab's SCODEF:4104 argument in the process tree below names its parent. Frame-to-tab WriteProcessMemory and the window hooks are how IE normally wires up a tab process, so these four signatures are generic browser behaviour and do not by themselves indicate anything about the target URL. The verdict rests on the "Detected phishing page" signature.
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://jrsp-cmpzourl.maillist-manage.com/click/1c311a0864fa39e/1c311a086414c25
   - Modifies Internet Explorer settings
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

2. (child of 1) C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
   Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4104 CREDAT:17410 /prefetch:2
   - Modifies Internet Explorer settings
   - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads

Files written to the IE cache during the run. favicon[1].ico, the flexslider jQuery plugin and the five zoho_puvi_*.eot web fonts are assets of the rendered landing page (Puvi is Zoho's typeface, and ManageEngine is a Zoho brand, which fits the manageengine.com DOMStorage key above). suggestions[1].en-US is IE's own domain-suggestion list and corresponds to the DomainSuggestion\FileNames\en-US registry value; imagestore.dat is IE's favicon store. None of these is an executable payload; the hashes are useful for correlating this page's assets with other submissions. Sizes are rounded by the sandbox, so match on the digests, not on size.

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7s3h6i\imagestore.dat
  Filesize: 15KB
  MD5: 22df905a8a60948278d5197547465bbd
  SHA1: 8372314650a16432aa649be0a547629d9b8ccd02
  SHA256: 6d3631beb63d3de305a33010905326f81729732de8e901b2fce1c9ab2c1b317d
  SHA512: 37e3b6e88242f601a282f45c9e077c87deabbc16f32c1dc80dd051030adb32bd116dead2482ea8bb5f985b38da411ba1c40141616a068bd4f26d7f2bec8107e6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\favicon[1].ico
  Filesize: 14KB
  MD5: 3691a7e782c685b44023c9c4e3f3a31c
  SHA1: 68c2cfbe1233c391d73a16f3b10b763d9d491b7b
  SHA256: 9c39ab9b766f89b7c9c078fd0fa0f4c095931d09c505428e6b2cb3dd3f19a8a3
  SHA512: b60ad86c8174b62439fd139ed820a0db4e705ae1254d8c444e89e153c962460f41b2d42fef9774db3740817013eb420c7b3fb09d3f41aa2756dcc10efba74683

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\jquery-flexslider-new[1].js
  Filesize: 23KB
  MD5: 12ba677ca8d53b08643801ce0764ed4b
  SHA1: 42296192aa25c117fa8ce357bda40a710d2e1468
  SHA256: fc51014c3f4bfcc7847fd0f9552af88afca6afef767a6afdbc87128766a64c99
  SHA512: abc30cd66494f80a7a8c5fcb66d16345df0ab496f227a1ea90c36033e5f9e25ab90a16ea15e861702a4f1e2209434a7cdefe06373e2741e40bf7392757e6eebf

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\zoho_puvi_regular[1].eot
  Filesize: 50KB
  MD5: cdda956b52a848ecb4d75cf91fea5737
  SHA1: c7136eaa7579f4b662d819406ffe98fd2f4ac07a
  SHA256: f74fb269f4339bcd84b3034bd6f48f8db6a60103084f4f17aec5396996c67bb0
  SHA512: 124d8c908654c3dc1749114522a3917f89a870ea71035539e9deada88e0634523018b15042bbd40003f69b4ecbeb61d8c353288908f1e0c8eade874abb86dd1d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\zoho_puvi_bold[1].eot
  Filesize: 55KB
  MD5: 863af2667bd90df92bf84974d40621fb
  SHA1: e8757cce5b799444167ddf2e4c1a7f0a69a315e3
  SHA256: 19d47cbeffe149090a7c35702b9e9df811d55474f7652ad4f13c78db80eac1ab
  SHA512: e6cb6a8351d191451ee1a6423437d37be5eb4621fe55e896293ee4368adcdea269b5525734fa6ca8a15afa082711a6f9ea8661249996a274662c953fa9ecb45d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V6GB5GU8\zoho_puvi_light[1].eot
  Filesize: 59KB
  MD5: 5351daf4def92e051e21c33b1c01e421
  SHA1: 190556ec758358d7dbe87dd73e843efb2a93a41c
  SHA256: 7d67af93390da4bc340ebe5aea8da43addfe129d3f59571821c2e66dbda7d777
  SHA512: 6e716cf5b9dab871f9de6def4279bd7b1d95ef528e9ed36fa39544ece5b65777738c242e8ca322073043c3075ad47b6f86618102f6ba1884ce0eeda73c39174d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\suggestions[1].en-US
  Filesize: 17KB
  MD5: 5a34cb996293fde2cb7a4ac89587393a
  SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
  SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
  SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\zoho_puvi_medium[1].eot
  Filesize: 58KB
  MD5: d3721ce4119fbf073c2175c7079f9a3b
  SHA1: bd5ee3ec90a620491f35b30d0b1fd9ca249cfda6
  SHA256: b7cef1af86325fbf4c104ff74fc66e4f2a53e257870879269bb5b6737ccfcc79
  SHA512: 6e0e9ae245b582fb8366a5d3415e2f9f5ece42c2658ca10b6a289c832d2b5ef6b069341913638528163bb12edc0378d500e4bb69516b1f1a10e147a25b0da3a3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Y624AVVJ\zoho_puvi_semibold[1].eot
  Filesize: 59KB
  MD5: 5a4543010df2bf08f459d8f8af468421
  SHA1: 039413592a460ef4614f6c5e377178cc00ea3e7d
  SHA256: 068d94603729696a8ce5709e9d35462d6b896a09fc3f943f618420ca652effaa
  SHA512: 32188b956b7eb608ce4f62898e33cb8d5b14339d410683ca43eebe7a0f21476e8dfe9201c3f26921cca2484f11aee6ed350d3ab7c366bf5d170b6242d9f2347c
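As an added example (not part of the sandbox report), the following Python turns the Downloads list, in the fused form the report page exports it (path with "Filesize" glued on, then "MD5<hex>", "SHA1<hex>", ...), into indicator records and checks candidate file contents against every digest the report provides, refusing malformed digests instead of silently never matching. DOWNLOADS_TEXT is an excerpt copied from the page; PROBE and the record built from it are constructed so that the positive path can be exercised offline. The function names are illustrative.

```python
"""Parse a sandbox report's Downloads list into hash indicators and match file
contents against them using all four digests the report lists.

Added example, not part of the sandbox report. DOWNLOADS_TEXT is copied from
the page; PROBE is constructed data and matches nothing on the page."""
import hashlib
import re
from typing import Dict, Iterable, List

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)([0-9a-fA-F]+)$")
PATH_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)Filesize$")  # "...\favicon[1].icoFilesize"


def parse_downloads(text: str) -> List[Dict[str, str]]:
    """One record per cached file: path, size, and each digest keyed by algorithm."""
    records: List[Dict[str, str]] = []
    cur = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ("", "-"):           # blank lines and the page's "-" separators
            continue
        p = PATH_LINE.match(line)
        if p:
            cur = {"path": p.group("path")}
            records.append(cur)
            continue
        h = HASH_LINE.match(line)
        if h and cur is not None:
            algo, hexdigest = h.group(1), h.group(2).lower()
            if len(hexdigest) != DIGEST_LEN[algo]:   # truncated copy/paste would never match
                raise ValueError(f"{algo} for {cur['path']} has {len(hexdigest)} hex chars")
            cur[algo] = hexdigest
        elif cur is not None and "size" not in cur:
            cur["size"] = line              # e.g. "14KB": rounded by the sandbox, informational only
    return records


def digests(data: bytes) -> Dict[str, str]:
    return {"MD5": hashlib.md5(data).hexdigest(), "SHA1": hashlib.sha1(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest(), "SHA512": hashlib.sha512(data).hexdigest()}


def record_for(path: str, data: bytes) -> Dict[str, str]:
    """Build an indicator record from local bytes (used here for the constructed probe)."""
    return {"path": path, **digests(data)}


def match(data: bytes, records: Iterable[Dict[str, str]]) -> List[str]:
    """Paths whose every listed digest agrees with the data; one disagreement rejects."""
    d = digests(data)
    hits = []
    for r in records:
        listed = [algo for algo in DIGEST_LEN if algo in r]
        if listed and all(r[algo] == d[algo] for algo in listed):
            hits.append(r["path"])
    return hits


# Excerpt copied from the report's Downloads section, in its fused export format.
DOWNLOADS_TEXT = r"""
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\favicon[1].icoFilesize
14KB
MD53691a7e782c685b44023c9c4e3f3a31c
SHA168c2cfbe1233c391d73a16f3b10b763d9d491b7b
SHA2569c39ab9b766f89b7c9c078fd0fa0f4c095931d09c505428e6b2cb3dd3f19a8a3
SHA512b60ad86c8174b62439fd139ed820a0db4e705ae1254d8c444e89e153c962460f41b2d42fef9774db3740817013eb420c7b3fb09d3f41aa2756dcc10efba74683
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\zoho_puvi_regular[1].eotFilesize
50KB
MD5cdda956b52a848ecb4d75cf91fea5737
SHA1c7136eaa7579f4b662d819406ffe98fd2f4ac07a
SHA256f74fb269f4339bcd84b3034bd6f48f8db6a60103084f4f17aec5396996c67bb0
SHA512124d8c908654c3dc1749114522a3917f89a870ea71035539e9deada88e0634523018b15042bbd40003f69b4ecbeb61d8c353288908f1e0c8eade874abb86dd1d
"""

# Constructed probe bytes: not a real cached file, so they match nothing from the page.
PROBE = b"constructed probe contents, not a cached file\n"

if __name__ == "__main__":
    recs = parse_downloads(DOWNLOADS_TEXT)
    print(len(recs), "indicators; probe matches:", match(PROBE, recs))
    print("self-check:", match(PROBE, recs + [record_for(r"C:\probe.bin", PROBE)]))
```

The parser keys the hash lines on their label prefix and length, so a digest that lost characters in extraction raises rather than producing an indicator that can never fire. Matching requires agreement on every digest the record lists; if you only have a SHA256 from another source, build the record with that one key and the same function works.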