hxxps://brickpig[.]com[.]au/sinedin/General2/English/rd[.]index?login=gura@gura[.]com

General

Target

https://brickpig.com.au/sinedin/General2/English/[email protected]

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C8A6CAAE-C9EE-11ED-9F77-5A0CB913B9C1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b05f6aabfb5dd901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 607784abfb5dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31022587"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2654469836"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31022587"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31022587"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000038a9e23718fe574b84afdc36f043bb4c00000000020000000000106600000001000020000000296552ba809b7e476ebd87732d3486fd8597032a97444e2b1dc4b6febee532c8000000000e8000000002000020000000117a89d6f5d7165517fc255dd2f92c2b4c67a05ae7aba819668da957cca83cfc20000000815f0d0d5f03215926c800683701522959f79caef79b24fed3d3822933d05259400000000a6999d97d02e544679a8e375559dcb9c7a1a47a3acb15a620dc54768ea1c61194c0a77c4dc08624c7b79aa38a3379ced31e5e2b0ce13b7c85b3c912a8e27cc3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "386391268"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2643686905"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2643686905"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000038a9e23718fe574b84afdc36f043bb4c0000000002000000000010660000000100002000000022b34ff470d7a14f54ce9ad57c2aeb8bce15214bb60862a70f80706ad4aba154000000000e8000000002000020000000860b2b3e162d9f20ac8b5afd1e2640590770e8c8628d8db09fb7a6a390233a4c200000002d4d6234fc61b35b5f9fffb51ba47e5618f2d96f4e7ef5baa73fbd2bdf6b834e40000000166b907688f2c52781ae7866d00379ac11db73945015f3fc986081efb260236ce2e677fcbe198985af361c36c71ac0edb68afec8a763488870a5b381f873ea62	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

2288 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2288 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2288 iexplore.exe
2288 iexplore.exe
1856 IEXPLORE.EXE
1856 IEXPLORE.EXE
1856 IEXPLORE.EXE
1856 IEXPLORE.EXE

pid	process
2288	iexplore.exe

pid	process
2288	iexplore.exe

pid	process
2288	iexplore.exe
2288	iexplore.exe
1856	IEXPLORE.EXE
1856	IEXPLORE.EXE
1856	IEXPLORE.EXE
1856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2288 wrote to memory of 1856	2288	iexplore.exe	IEXPLORE.EXE
PID 2288 wrote to memory of 1856	2288	iexplore.exe	IEXPLORE.EXE
PID 2288 wrote to memory of 1856	2288	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://brickpig.com.au/sinedin/General2/English/[email protected]
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\osplltc\imagestore.dat

Filesize
4KB

MD5
6b4b75dff115b1a43c731f1da48eb048

SHA1
ead72eca05b5ae52ab6547746305dbf6943fb4c3

SHA256
da479186486cc5fd825d6b4f80dd0f8a7c39ca30f8c1bff589ba304bf8a9fab2

SHA512
09057d885373bac866d8b6fa218a8c82f959d25d6c67318ddd333836270921f17f22456811de1c107c50652580ea48f951ed98c4a87310dbeb65bff8f46caec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\favicon[1].ico

Filesize
4KB

MD5
32dcc581961e06dfb9a0ddb11a9cc46d

SHA1
de98f55df7bd54d44222c4cbf3a386346ef1293f

SHA256
fc9c9fdc46cd5f554c6b1a12b7ada4bf06ed5e559136dc162c15be4ad05e2506

SHA512
69a686d4685c2275ca1c05021b573a7a5eec4f85c6a920c026771ad624057d93a635f99d4e0eae6447b11bf3dc6afa3b92d409d9bb79497cc1a956c4bced69f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit

Analysis

Sharing