hxxps://jrsp-cmpzourl[.]maillist-manage[.]com/click/1c311a0864fa39e/1c311a086414c1f

General

Target

https://jrsp-cmpzourl.maillist-manage.com/click/1c311a0864fa39e/1c311a086414c1f

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\manageengine.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "3799"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31022424"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\manageengine.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31022424"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "817259685"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\manageengine.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "233"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10e7f937585dd901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "121"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "331"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "828353356"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "325"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "3799"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "817259685"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a970000000002000000000010660000000100002000000027bfabd2a915a0e9acd5397fd16de5f5defdc74cdf0f6ce8bae1a16bc475093f000000000e80000000020000200000008b8ffd0e429e3734df3a51e96e8b038786aa9aa2d303ff69c14c21ace842ef8f20000000f2858a5abdf50bd5ceb767fd13666ab41477d72fc0260aad7c16e3dea2cdf8a640000000f2d28645dd85b025d769ae5bfdbbc32ce6cec48b4888f5aa03929851957bf7fced9ac87d78575f3c357289fefd3ffd666e4ab428a53a6ac4f1a44cb91ed0a0ba	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5019e237585dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5BCF1471-C94B-11ED-ABF7-D660CAC54930} = "0"	iexplore.exe

Modifies registry class 1 IoCs

Processes:

IEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{61AA4B91-7BA1-4BEB-A4B0-4473AADF56C0}	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

2212 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2212 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2212 iexplore.exe
2212 iexplore.exe
3032 IEXPLORE.EXE
3032 IEXPLORE.EXE
3032 IEXPLORE.EXE
3032 IEXPLORE.EXE

pid	process
2212	iexplore.exe

pid	process
2212	iexplore.exe

pid	process
2212	iexplore.exe
2212	iexplore.exe
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2212 wrote to memory of 3032	2212	iexplore.exe	IEXPLORE.EXE
PID 2212 wrote to memory of 3032	2212	iexplore.exe	IEXPLORE.EXE
PID 2212 wrote to memory of 3032	2212	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://jrsp-cmpzourl.maillist-manage.com/click/1c311a0864fa39e/1c311a086414c1f
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3032

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UCTUW4E6\www.youtube[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UCTUW4E6\www.youtube[1].xml
Filesize
5KB

MD5
d3ed1174a34a44e08c16d9f572f7f2de

SHA1
0ee2d63a759361b5a9b50029ed57dde1f2c683e5

SHA256
a95474179a78b32f159a42e77d2a774d66e121377cb4778f254cca050842af3e

SHA512
8399c2f53d77d48c4f2eac3eb3eee91d70c6170cb809108d05b0b8e3d463c6307178797c9f8351cf6f6c046037f26eb4fe2485b42af9d55e9d966f42b59d3b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UCTUW4E6\www.youtube[1].xml
Filesize
985B

MD5
291648775fe57be55e4729d92cbf25b5

SHA1
ee8256114e755927dc79f525d1a7e107aa61acf3

SHA256
f0c8d56b6ee2a843fb12d004f4cbba6f00bbeac63e8909df0d047fb96671e539

SHA512
393d4701f795adc93ebfe9618dfb8af65e2a250b54063c49b3d78b6462bffb960fbf33fc6eb3d229153c46a940c5f721c3103021264bbc281aad707eddd66380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UCTUW4E6\www.youtube[1].xml
Filesize
1KB

MD5
0ef5b862710dc027eacd39a9013a3afd

SHA1
ae3000297f6b8e5bbf71ca8a88b0989961deb96a

SHA256
66b189ca75d27498e63250ba9c3b57f58820c17cd203c69ca1c0ee89a33c807d

SHA512
0466eb87411b8c718b72c74747c9d23e00e53b80555aba3b2f0b5eb001688b22da5582dbe5a885c8a5883fcc95a1a327ad9d0636311dc1183d26ea8749a2ec84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UCTUW4E6\www.youtube[1].xml
Filesize
985B

MD5
2e6f21ddf2a238f344963763d32a0c94

SHA1
222d1400bc08791c779937bfa00a7ed8085e1f8f

SHA256
6b96a195628018239a2adef37d24e3845dfb82ddb628f6e3e853129a02791405

SHA512
eef3bed98d793a6fd39927495406f4485c496f361a07627f79f184e7a1fa93831046e6f98bca336cd1273ece465de94a98f1846030f92669acfac34e1ffde4ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat
Filesize
15KB

MD5
f99d5c559469754a826bce3b9f1a3742

SHA1
05bd54ea35456e55beaa2839a3d64ac0e04d185b

SHA256
76792f03d92a7f109523ab0cf9667c64727130e32cf704bb37a1e1424bc956e4

SHA512
821c2a9f3bae098d235fd949da00ffeade7950b06899be7a78c69bf532d35e58b2196638e53be55677868683dcc20e9ae6f2bda455a7dc15a731f42110c58027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\favicon[2].ico
Filesize
14KB

MD5
3691a7e782c685b44023c9c4e3f3a31c

SHA1
68c2cfbe1233c391d73a16f3b10b763d9d491b7b

SHA256
9c39ab9b766f89b7c9c078fd0fa0f4c095931d09c505428e6b2cb3dd3f19a8a3

SHA512
b60ad86c8174b62439fd139ed820a0db4e705ae1254d8c444e89e153c962460f41b2d42fef9774db3740817013eb420c7b3fb09d3f41aa2756dcc10efba74683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads