d09617517bbb2c6aebec4f6ae8448c467652e6986e9c04d5e02d0a29808f06cf

General

Target

index.html
Size

1KB
MD5

a19088066c29177d199adc67793f46dd
SHA1

04d17ce2eaee378f250447e95b47731325775535
SHA256

d867a39a5c14c3acc700926c768d34833f9eafe564d5541a97170aac6faae0e4
SHA512

8d6a46f0468d91128bde9a92f2094d3e46d73ab68fffa061c0ef5858bf68ac6ac53d35a54e13b3d17a2c9a572ab652916eca684434a8db3d58b6dcd7115a6418

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31038395"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d3921abb9bd901	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e43e3d0401f3d439ab05a0144ddef1500000000020000000000106600000001000020000000f9bcf251138ce64bd08f94130ff578cb23bd8dab0ff281074a53f2d27029a28f000000000e8000000002000020000000551161568b399c261be4a5168f2961f87e1e6021b12b13b718ac7a6fe3b016f52000000057042d30ac3bd8bef66ac86e4eb2d4a4ed5e3fcae10967af65f62371642edf8240000000f254e5fd274906cb3796122aa88b50a26f94fc32d41c3fdcbadc4df61de976d31fd391b67affcd24e0dafcd78a1744290bfc944d9f9b2ad82e56aed3469b02cf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{445BB6AF-07AE-11EE-B7D7-6A765FEA1DF2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "393180530"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "422703405"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038395"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80a1aa1abb9bd901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "422703405"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31038395"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "434581087"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e43e3d0401f3d439ab05a0144ddef15000000000200000000001066000000010000200000001e4229c921badd9d037749d9c6792f48bbcbe140ed75b1230b0d0edbe5c06492000000000e8000000002000020000000bb7d0b6a422282be26369f631e77c8f72de81afebf62040b74235f174bb2b1e820000000e84bf2f477e24f3b63458490807779590cda1bfa19de188f2eb639ded96a02604000000067e40856323b7eb294f73f5dc99e243a1fa0a66172a15c96838de13e74394746a94c2ad524c3fa9c0b5fa724b7041c3a21abc4e69cb702d8df96bbf012264e28	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

4460 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

4460 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

4460 iexplore.exe
4460 iexplore.exe
1280 IEXPLORE.EXE
1280 IEXPLORE.EXE
1280 IEXPLORE.EXE
1280 IEXPLORE.EXE

pid	process
4460	iexplore.exe

pid	process
4460	iexplore.exe

pid	process
4460	iexplore.exe
4460	iexplore.exe
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 4460 wrote to memory of 1280	4460	iexplore.exe	IEXPLORE.EXE
PID 4460 wrote to memory of 1280	4460	iexplore.exe	IEXPLORE.EXE
PID 4460 wrote to memory of 1280	4460	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4460

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4460 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1280

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
f555af3f1b663a55df56040069b6097b

SHA1
ac566b3ec3882b349616e37dcce15f1470496361

SHA256
e9a0504f3aaee42e85baf24a611a6c237ba0de8c974cf2cb0b9f26913e445d5a

SHA512
8fca6bdd6356875a5e21d988cc809e6d062c1ee3271293f837968138fc4f302c5457707c4152a62b1ab8469c01c90d4dcde80bdbc210541ef12d151ff6edf1c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
404B

MD5
5b2b352e97de1848b6e143a484aeda98

SHA1
9e32515fc723a99b2028a87eee18530160d233ea

SHA256
0e9619791d158bc835d31facf0f0f8f815ab030e5fea15668b6cf5f2cf253c64

SHA512
2016c68e328da0bd62fc23ea3d192eb7e0e33e1fe2158fd531d4ad91be37e73aa94c34b35fcc0ca031b63fd8aac85db7bc9002fc11a7d135a0c7053612304d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit

Analysis

Sharing