e73e9c40278a3e16e15fa990ee0fe30abe3dc0165b854523cd57cce48e39cee5

General

Target

11b59f986c1c6fdc47691b597af0b6fd.html
Size

17KB
MD5

11b59f986c1c6fdc47691b597af0b6fd
SHA1

5a7efd82fb1aad555d583b3ddfd0329f67f7c671
SHA256

e73e9c40278a3e16e15fa990ee0fe30abe3dc0165b854523cd57cce48e39cee5
SHA512

2f621d9b466cdbab941221e6759d6322626e879f887a821a3f63e24a6e6e7c5113fbbfe2bdedf721e62f140d6a0785890463e819674efb5b12a8471f4aa2eaea
SSDEEP

384:iEcX8TkDmQJNU4LfVwLFGg9ylzi6DzUzsQNmoc2V:PcX8g08f7g9y1j1QNm4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{18F54DBA-A878-11EE-9963-CAE9171F1CAB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3144	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3144	iexplore.exe
3144	iexplore.exe
2024	IEXPLORE.EXE
2024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 2024	3144	iexplore.exe	16
PID 3144 wrote to memory of 2024	3144	iexplore.exe	16
PID 3144 wrote to memory of 2024	3144	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\11b59f986c1c6fdc47691b597af0b6fd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3144 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\A2XZSR73\www.youtube[1].xml

Filesize
438B

MD5
3c0b7d5734427774f6b6085dcfb7b7f7

SHA1
cf3726bd232ea268a8d28c77b10e7095e1cf1291

SHA256
005596a08245cd7c6e1fd8f0c52532e8014a2c9cf35a3f1a7b9099cf81ab3457

SHA512
7852972d0532934cd5542b4f1536e5669b618cbe26cd250d44e9238699e69b17614fb74d17818ffd1a29ffb68338d23cee9eeed93f31db287184ae69eb095220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC091.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ2SYU15\script[1].js

Filesize
92KB

MD5
4e1ddb20b9ed7a68ba00e95bb62f7be3

SHA1
583406a19ed2f7bf3dc60e6653147160b8b08117

SHA256
f7ec5f00148c5eb2875103c0a5e8924459561aa063e06b4b717df09610d7c02e

SHA512
83f35cc409860df260bf7a2b84ffc94ac21e38ff59bda7e72c0eabfbbf8d42e24d5173ece167aba7cd6878730e56b67be90f666f53e05b3dc535a5cd4a2755da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DQ2SYU15\style[1].css

Filesize
92KB

MD5
72031ee478461d2627be7c82c98ae793

SHA1
59a568847bcb53d1768d26a826097daf9c0aef12

SHA256
a0599d9d2ed8dd7f87739fce8c3c181075149a3a23f49d2c8af646811d7e6ed9

SHA512
f0a2d89044f4c97b7c37d627b7465d6762628f4cbe652a5c161c61b8878e46a52308e4a2c0327e092d9f1f2885f57937c9143d05520edf293a260417e12a6991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\jquery.fancybox.min[1].css

Filesize
12KB

MD5
a2d42584292f64c5827e8b67b1b38726

SHA1
1be9b79be02a1cfc5d96c4a5e0feb8f472babd95

SHA256
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0

SHA512
1fd8eb6628a8a5476c2e983de00df7dc47ee9a0501a4ef4c75bc52b5d7884e8f8a10831a35f1cdbf0ca38c325bf8444f6914ba0e9c9194a6ef3d46ac348b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\p[1].css

Filesize
5B

MD5
83d24d4b43cc7eef2b61e66c95f3d158

SHA1
f0cafc285ee23bb6c28c5166f305493c4331c84d

SHA256
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

SHA512
e6e84563d3a55767f8e5f36c4e217a0768120d6e15ce4d01aa63d36af7ec8d20b600ce96dcc56de91ec7e55e83a8267baddd68b61447069b82abdb2e92c6acb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RVXHSNZG\css[1].css

Filesize
530B

MD5
0a127ad39a8ebe4207492293b556adf6

SHA1
17d3dad64e4f9139cfb85bbcca6659a8aa532a48

SHA256
c1294965425b5028a83bbe5eeed0cd9b92733ec41efd07e34532522d4c97b6e1

SHA512
5aa845c5c6c20259d9c6bc0c9fdbd13ff178ba4008865f7113387767db0ad39cd53c1d276cfa4997186fd39f21d30bf00caf8d092e5c04119d992368b1563df3

Download Submit

Analysis

Sharing