hxxps://www[.]online-beveiligdomgeving[.]misecure[.]com/newleeg[.]php

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 12:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.online-beveiligdomgeving.misecure.com/newleeg.php

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409150238"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DCCC3571-9E68-11EE-9A90-DECE4B73D784} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40c65aca7532da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000b3a6efb9309e014038498a5743903f085f39b250d54e565444f0e756a8dca0fe000000000e80000000020000200000003f53aabcb8130d03603129c59bb4074a365f09dbb2783fda239910b27c0fad8020000000139e06dc0f502b157efb12c6bcf9104f569457a4967e078ea920955fcd45f55d4000000009c4218bb5f931afb1982a695ff00db074fbc2946400f3c59116d12a9108570799ac2888ae073cfb8386bc5fa8cf4645544b70b72b43ef29e737961fa725f1ea	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000795052fec0b557f3d0e7c8b8f4f19ec4bd3f9a5bdb86045ab0e57a66755c7996000000000e800000000200002000000033dfd9450c3eddce01e3564ebfca1906f5c62b6e6383709584cff4e719947cfe900000009e2b39c23685da6167c46a34d16a45ab863ca6480b487c41a20b9227b2badd3d87ab8a10794a54c05f3c9ad96eb9c6d4d73352a5b82e09eb38736d3675965c75186da2c570a6e14b06fd117136561ba3c978e2decf56ee01b62b10c5250a341753e0c7fadb12e42c177e2f88e9108c62671bb6003359d053be71f6ee203490d2c814c8c41b10b6763453c1d642d68ab540000000d4ee83a85a09d53ec3f3dd4d723c81f954a72c24b7ffd92fd319ce61d96e07a581e0cdee5ee3762c0ffac853bc9e55e9e3be1e7c6748b10de55f7cb53c3d7525	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2512	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2512	iexplore.exe
2512	iexplore.exe
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2256	2512	iexplore.exe	28
PID 2512 wrote to memory of 2256	2512	iexplore.exe	28
PID 2512 wrote to memory of 2256	2512	iexplore.exe	28
PID 2512 wrote to memory of 2256	2512	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.online-beveiligdomgeving.misecure.com/newleeg.php
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae8603e7ba4634772a3f7097ec54e798

SHA1
3a1f2bb804aa0b7d512d74523e80d1611114466b

SHA256
c6d0567eb43e4a99ca427cf17c4a180a8a52225d986e93e362328ce7e1585de3

SHA512
a26e98f05f836aaa49aef4f8051e68bf0524db8dde50fd69fd62baaefb13fb78a95a109bccb7150a8cae4c85a3381ab4b865235908d5e3fb5484faa9a010c508

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a515efb2ebcd14f1bb69d3cf8e9868a

SHA1
a3d98bed1278ec488dce601de6e51629b7eac162

SHA256
b773f33b3bcefec26ed0c5cb0f61981882e662184a9c98a89a61fe67c7374c2a

SHA512
083986e717021b3eb460cc6daa9b6f5f89b75060fed8771579e2d6e33d2450f9ba48258dac1b16d48ebc4afff12ba7ec942ea5e47d82dd07ca6c86dac68de174

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24d2dbd651876a17a9851ad3540f1ac6

SHA1
828b492128477744de0b6f10a2f493a753744b8e

SHA256
561da8a2167666f95b27174c41e88687948d2e81fba8d5cdad0e59e95d5ab79e

SHA512
6445e8f3bd929bdfdd269103e5e13497371b3cb14b327e78c9024a600594f66ab85382c2f6c2384013506a3cce2155d318f65dc242ab32824b62b9daa648e9f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e06a0eae052be2077cbadde75e32bfc8

SHA1
4856dedd6dbb473e44fb6ab0fb3bedf18cf8876b

SHA256
2f8411e5b1ecf428367aeac9ee1e02595a647fce17c6127fb29471aa91b22f4f

SHA512
15ce435186d7bbff5d306225803db7a3f29721d354287084b4a8a32f443277e9568111027b43a09a5ddf7fcfeef05dee3ed1f9e4e86d89f63bcca274387f7a86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f266318f3116ad787d3f6832881626c2

SHA1
dd2ae3c3e026c62ea2dd0a9085e0a81ed223b9db

SHA256
ece9e6ab0fdf8887966c65850dadc0027936ebc3668246acbba82152fd655b2e

SHA512
96739dfdf52bfaab6d15cc9a568ecd81ac892397458e862bfa59eabe0b1155986af28122804e8166a4002318821c6c6b5c86729ffc7a174dae9bd63ae8e41eb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be626fc4aa7c51b6740d525306ac2b96

SHA1
782e8352353aca534ac1565ce6857fdd7d7fe8a6

SHA256
ff9bf9ac5b2b999fc6c27b21a6a96a73ffb2537a1a2fbc0c1f59cea4b5e7849f

SHA512
9373ad4f8b0f06549434d265e91f347281c0f338651b274ffe29f8f82359fa97f690317a6b035792eb3c7a1fd0cff3d08e59ca943d832c011d1016a323078dcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29ff60e868ce3bef096a237488aa3151

SHA1
2579e5c6a703fef0482627dd97fccf8728c8b2fa

SHA256
d6b62f0a6a8f5f3ac7879045d7c6b395208f3e166a3dc3e30311fcf71ecd5d3e

SHA512
00dbafca9bea3673e8010e61006674a32277163eaafb864f02bdc2ae33a0a59e92b99ff89235976f657e5dad30b42fc61dad699f601b4a1a62f5bb4e042778a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
868e6d8fbe75a585e327c4efb8706062

SHA1
3a0d446aea0e2df22eedec3f420a2467941723c2

SHA256
a2f877e69f5fa0ec77aa60d8d82d7a7bcdb57858e80df22d45c86bb19577ed4d

SHA512
c16040901543f3b1c9980c72704a5d154b8490a0f5c4b61c5be5c9ff4f8a1d5be6065ad042d287ddb201a0c70834f9a8acbdcf375b4779e01dc285da35a4cf66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edbf1d4c5278419233e5d8598f67d36e

SHA1
68f0185fee532ccfa856af7f5a01fa527265e436

SHA256
63b8e9ec2f6cb09a23b9590d9b70ebaa3ed4b73220959d2c6bfc0836d1768d47

SHA512
2dffa0cc6ac37681d4c25a8d23efdb3fbf87f5b311049a61c16162d6e1353640f60f45476a566f79c412f64cf29ebcb7eb343c32e38da34c5d9a645ddca6724d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1056af8e56a989e4af475d1f78d5c779

SHA1
4281041e5fbd9f13a474e39c18b4936b29ed2fe1

SHA256
75267ff573f389923fd8729f6b2a83efa7dba64e8e7a10ddbe9883e40bf19bc0

SHA512
b53890b02d6e0208a5caa2eeb035f19dd73c9899ce3453a1d48a07a0144a53059890072a80d9fb776d1d0b51a605efb2fa3caf8a49e6e82bd9c5f2a62c7a5c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4cb5893d32cfb07fa4c32c2fc22f2ed

SHA1
c133c252ffc0d0f0f3e0d0d2a59912aa7ec2ff0a

SHA256
1c1e232de17b79624a8d0540c925fb7c5d2fbde684ff0815fdc7f94a503444aa

SHA512
4f3e2f0b2ea19c1291b3f36d99d627f8f6cc859d00b4a04169a6e24f82214fc14b9cd0da31c479d8855e0d028ecc40bd12c60fb76415b0397f13b3d04a8e025c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8216a2d0951064b5f2f71c1231cbbbcd

SHA1
3a781b63c3855bb7bd003db6ef8f79e811b10292

SHA256
442e64f8bea0b9baa7b0757aff7fd478077b8c8eb244d2f6cbce49bf909d0346

SHA512
fe93de5ca0357f966671b6b7febf04513271d05c10c37a245472e64ca3656162aabc6f217bba272a6818abfa7faa09ec90655f820652fa63cc4e67215a030020

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b04d320bfe695a3ab6cd724d4ad37754

SHA1
6e9aaea387372fbe65ad81ab307657e90bb31f46

SHA256
b45a6759b452355e90043bfb65b147f452745ecb9049979251a43290d2818cec

SHA512
18b9d43d4c21d03971dfedc76f4f06a4c30d0c3e8c5f24ecc4b68702737543bb5d846220265d4aaeab3d1b94095bd63442a1aae92b96a0f571b96bbb64701db4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e234c23e5cfb0259eadca8e50103d9b1

SHA1
67dc9cf3b0974bce8cfe9bf619bdf0eccd40a547

SHA256
6dc736a8688a509dd087bd71449757079c6129616315578c0f9f582c5700bacd

SHA512
e176929d6c02ee27bb686e1de3ab98dcde018ff32e822a8ce13a4ab28357e166caf1a18a39f2cc425b3891d0c3df2ac773d37916776ad9e724815c0703b2d046

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26df6a3b79b89fedfc2d89cd006bbdc4

SHA1
cd5e4f2bc4a3c1f2fef1945dda53e9e6415fe819

SHA256
b9cc760b9267fdea90e2ce445b2075780fdb640864318e2fa072c4b623c9e6f7

SHA512
9edf47e26fd7765fadaf19b43aa1dd8a38f2ed149369bd9482ab284da707620be27d8887fbf8620264c1548011b2cb2187976622d14bad333043baf030d12e55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4d91e58e2de90399e1ab3d1eb2f824f

SHA1
0fe0ef2af387c4ce86aca99edbd4e7b601e720a5

SHA256
0726e0748629e066d2efe7d88642c57df98010d6921138a7c5d4261affb420d0

SHA512
a405ae2f139746e16068d15448befb93bdd4ffa0dd4c647f87a984082227dcd0241481115c1b27ba4ba6803ad3d3a2dfc454e95b06394b527e1980c97c60fb2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f56811eb3b91ffd9fcfef749773f88e

SHA1
b9c82dd1fe043ccf93bb3d9e323e0deade81048f

SHA256
90fb4c7b62679a050e8093ce2d7be0e2e95a8caff9306a2bf32cac132bedbf6f

SHA512
f1415548be3fe7bce1e670e600fedbc64920897d21893061adf925ab00cd20290dd1bafd906690ce70aaa180bec3b2512f72251dd33abf0da537a7d80c3c3e66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe3250c750f99061ea113eec5e54d986

SHA1
92e6b78397763fd44fb6dd96655606f452b32b8e

SHA256
eb86c99e7394d110b283eb6de14144126e4d7d0a19c233439de005868972d885

SHA512
fb12ebfb2c7b429bb7ed3270fe02814531f335ebdb63da61130da77dfd268e9c8b804a4d4303f5d232c7fd29a64ed80c30cc3a5d7136ed1a7fb7815caf6eed8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
062674139950f501f15ddee16cdaaf83

SHA1
495b03f79c51b47787ff9d48bb98657edf16bac4

SHA256
9a3262354b89255c87c4f94f497c70ed1c471b9edbc6f94fa414886b3dff085c

SHA512
9a7bd36a3ef9ccd825c2011158a0f35438bdf2be56e649119606335cb08b79c11f5ed07cce6a993ae5cbeb88e2f6380b010fbb5cfd08206da269e746a10ef213

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD8B6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD945.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit