68468ce39b8cfa1167801f23aa90d417eba87196a0647755077420050308171d

General

Target

171a1350c175d40d1d5d96ca64d71084.html
Size

7KB
MD5

171a1350c175d40d1d5d96ca64d71084
SHA1

61a133d11451a3ac8909515465250474e1ff72e4
SHA256

68468ce39b8cfa1167801f23aa90d417eba87196a0647755077420050308171d
SHA512

803370e8af6b1848e6167d6760b1816cc1ba753d600cb4acb97721a3e2265356b9a021c4c42d23a12c63a97e0f614283cdc9508ac41bb38775d15242c862f5d2
SSDEEP

192:FtoTbaQoJFNN88B/SNNqZgB825Q5jbvvvzPmaY9:Ftoy5yg6Q5jzvjA9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E7AD8F1-A2E6-11EE-8CE9-D2016227024C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
700	iexplore.exe
700	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 700 wrote to memory of 2208	700	iexplore.exe	15
PID 700 wrote to memory of 2208	700	iexplore.exe	15
PID 700 wrote to memory of 2208	700	iexplore.exe	15
PID 700 wrote to memory of 2208	700	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\171a1350c175d40d1d5d96ca64d71084.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:700 CREDAT:275457 /prefetch:2
  2⤵
  PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0548a190b0882947ff1fcc3b847a1b8

SHA1
85d5e426bfefd31ab3fa33a6662f4f9dbcefd890

SHA256
60b8a8569d9d2bcece3ecead49cafe752d12f4a21f7b5d01507e284d9a16ab99

SHA512
aaac70b6c58fb0a39514423b44e7d88f230180411ed66be2372be604b7ac7e370767c04f966c56ff2d967a1727755ee282cf91441bbd46675c76fded69adc5c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
474a8c589d60d705bb3e3791607d0e3d

SHA1
6716ac4ed72ee8f72ca0b654f273e648e15b82af

SHA256
a7435888b082f93c95e66a0b4c9ff7dbc8040ff46d3ae283cfda2436de484f3d

SHA512
ea164c3baffce07ec0ef8d614444694dc1e9aafa722ab8b35e713c9c390e4c460d52c1c0ec1bfaee48aa27c27dbb27f7bb394c2e78b60792a66b39cf2b2d8121

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b9e71d230628841c6fbb8c1899a2b5a

SHA1
0a7a13ffd119fca377aa9fe4a1cfab9832a38ccd

SHA256
c12937c0005ed52e5736db884d26a85bf659095272fa0e94aebabd14e87f0d66

SHA512
ecd4155a9e05f6b0223f800676cb16f79e7b1d3fa91c0e2029d96f00140d7f4f6224da6ea66cc0e656ed4597c7e555cfcba8c617d1f6991c1269bea7b482ec89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5463b2b3df4ac57ac27f04cce27ac39f

SHA1
8faed0801f8dfd819dbcb1aa323afc8aa5300d1a

SHA256
adaee5228768383ebfab46546d2cb1809b90dad46cf294d020aad098cb9f38d2

SHA512
4cc7d2cc4448b3b1ae8ac3aa12880bbf2f91d97497ef052e4dbab2e8bb9a21816ba1a9b7d7f7510756ef4bd997eb971c17f8b999396236a6bd0a4fa25c4d5a67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c64a0065d2e17f5f6d8fccdd05321d7

SHA1
b4dd3c088c2da273af1de0d28d34dd309305e5f1

SHA256
b239299e2e7f6e1da0a22716d84b77d19dfea2cbedd071dab564487687540cf5

SHA512
14af9114d13681fd83addb06c9875341953326db8f2cb6cacff2a19c9a7739ae8c4d615ea7e850e151494954addfdf269571b00d0a0cae360cb29a482c73d324

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fba83d5c10fc1f99105295d05c9364bb

SHA1
1cf66f922065d0265053f10039ec4a67a59857ef

SHA256
128933de7029dbc4d3d58190d0183987f737b142539ae560c1c89ee19ef43438

SHA512
333b3561a8b57d145bb1722afcacc07375354fd0d7b3671f5b3db3fa1077e8476a8779c0155273f9ae40bb9b3524d7d49a9353aa8af085d7a80aaa8ffaa5f89f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1C1B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D18.tmp

Filesize
133KB

MD5
6ef4c9c9043e656a492212186809b12d

SHA1
e7dba38a2ca9f90e709948b3ea472af4ed1daaef

SHA256
126db28d9c0b15c7a5757750ac02568cb45cd36ceb6db91580f5caf7c214b1b4

SHA512
2d148e82aaa3ba061a70508697755c53eed4c449721fb5c85cdc3fe343f2b99968a6413cbb85cbd35f1a8e2fa2e3195d1c60d86693334c0a32676272e8f93ae1

Download Submit

Analysis

Sharing