hxxps://wise[.]unusualactivitysupport[.]co[.]uk/

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 11:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://wise.unusualactivitysupport.co.uk/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410960550"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D1AE09C1-AEDF-11EE-9F1C-6E556AB52A45} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000f33c2325bb156fadda1d5ed1e1cfed25e4f19411c35c36b58bd9209713145291000000000e800000000200002000000091a580f8482f83eeefdefe1291e4c217c26dd0425775de66ec521fd8e556c3ce90000000fee1c5405fb54135c00f8486890938260d979334bed5e41b9d987db006bf80b8c4603f94f1d9e190de0729b522a86ab3adf01cf2f6e47ba9818a4c94941db81e8a07c71791a7169d04e8a39fe4a6f4be7b11343d189ff191a9b3e35e5003bb4be53f40179f3f315b5ddde42558f7f079dc27b49b3f8172933cecdb04b65b792da05813e17088a2c0f9153417ecf2f99a400000007e89debdcb5880ce7ff1200d0e85c276784ccfb219fedaafee0a9eb1b7004d5609ce0bc5af06a4c3f96e96f5d4ae843dff28f0f49be880212662444a6b295f39	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50429da6ec42da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000f7b259eb058454831cc32399de7a41680da0b5c6f31dc5f1312c232c18395e0e000000000e80000000020000200000005f82e2d5dfe7143f71baaae4ddca0a5ea7c8ffc596015b1f63b6fde1b9d1bfe020000000491817ebbd5ddb069d7f309ada6e8380e128925c66208ab428b32be51fd18f2f40000000888cda05e8b080e808050c69809b55f30316d4345e7c3b7fca95c66153d8bab9f429f394b20ba6cf16141d7daff51335c1e9157271dcb015d49d0528c2729050	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2572	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2572	iexplore.exe
2572	iexplore.exe
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2524	2572	iexplore.exe	28
PID 2572 wrote to memory of 2524	2572	iexplore.exe	28
PID 2572 wrote to memory of 2524	2572	iexplore.exe	28
PID 2572 wrote to memory of 2524	2572	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://wise.unusualactivitysupport.co.uk/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4cbacc1c7af858688f6477bed016faa6

SHA1
6419d3375120c6951213cae1d94f1c1a485c48b8

SHA256
79c8377f0a6c73cf9cfe2b4282494c0171b26a61158833d6b3a18e41735e8fdc

SHA512
8e0dbe22eb3dea5f03b0e9d5ebffabcdf5c0e7bbafcf03deee7fd6ce7db9f8a753b0464121d49009dd3ff3db9ed318c468f77e84d551107ad548c637dc7e88bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c522198633a294dec72d0b2adfd0b88

SHA1
87b9b3f759f998960eff5427c41d976506e41cef

SHA256
2b3b4b69b170d6a1aff3fb09e3a3f1fbeefadecdecbd5336759eb9114b41137b

SHA512
a0ea304367261eb4b2f664497b2fef36be0f1d477d295eeed54a0468a1ec85d9cd537eed7ddb7a5727b5b3eb6a26130815d4d69436c0fa432f7e2202df08f094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61da0af2c2f944b946c0611c39e5c683

SHA1
5f6ee44913bd2405d8d4c1c55557d50adb4ee1c0

SHA256
efeb96ae8b573bc572a61e0867d481866e5e48d05b83b81b95fb849971f904cc

SHA512
137bfba75230e71341895c946543525d9d64ce61fbe524eaf83cae4e4804b2cc9c00d122631d0bb21a7bccbdc6587fbc0aaa7a5322841493258d1fbe66c55275

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ff6e252d0bc6f70bd816b3e2b5e741e

SHA1
e97edb71a019c2cdb3bfeb4b05244eac3dfe41d5

SHA256
61805c6136b43756a4cba6756ccba987fa0b62d2f8b5be999da31d347d8362df

SHA512
a0495afd792ac9bb931fbc6ccf7c9524420b7c7e3222af1d85e2435770a778c9f628f31eb53837563477579a74f9b902a5b0f05e31536e6f0f34a0b15fda140a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97ce56f13cb466ce738aee7aa034fa7f

SHA1
415db950a10ee0a0e4ec4704c542eeb3a25778f3

SHA256
0a95d0498793c394b38fd9bd71e9c761712df39a4a9f3397d864db857e7ddda8

SHA512
8e66e23a29e46770d6cc07254520b2ba731773a3c8684038097ebb555890ad83a8ac7500f4a4f6f0716888867371fcd1e22e825d6834dd0c8bdd65830942fcd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b0fdf2ebfb9a7648e1513182385cea8

SHA1
baf7d3e415c49ef5de17e0aa9c1ecb83d177445e

SHA256
c48a677f0cee3fc185c5b4a41234a2cf1cf1c324e2b20884b82127c8aea1c18c

SHA512
080e1198f955cf47233db5be650ca32bbfe10fad28e436942180154593767b3c638d100bea3575593eed839069e0c16b47bebda8bed95d222fd85a049295be5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4408427cb81e4a0da5f7d259c98ca003

SHA1
113a5b315b258ebaa745654e4b27fa1285e99c6d

SHA256
76694e9120cc9c51e01bcf786729819781f0eb013ff0d96d2d5481bf483242a9

SHA512
87ca5b0b3e801a60b17f4a9800386aee7f696db34a71259c94751e94b052861abe988f304eb8c4b45d45cabcec60d4fb5b81135cc948be6cdd6d33deeefd0f58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fea4215bd97795dc27edc9dd0f836b1a

SHA1
6d682b35cf28bd5eb3c58d4ceb4c3dd137479834

SHA256
a4821b848b955450f6dc823efd49e2b639ed883600d2c040df9e4fe4bf3e35b4

SHA512
2530b0a66617c0b0b88dffbcac8f57ae47b187a12a3e393c29f4d0ca7520eb54ae2a628e7b046e514711889df6c7c9b2fb3d0a06ca44c5994a6a533bc6ce233e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60183f254cd57eb7826b811254745654

SHA1
4813b819228d00f6f5a6ad389753ec56770bc07c

SHA256
63ab65c411e747314cde474c6f2884b98c8770f592a86490899dc9f11079cf9b

SHA512
9c0b922513ae5d65ade3973e0374ccf9bc802966dd2038de9b8980d9fd2582e0ad1278e6b2a6e2864db0a6d081ccd38bade8e2117cde2b663131fc2922b38506

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ca1f9b73d5f959f57f5e39b13fae562

SHA1
46920ec6cc6f5a8c5a54376c7c53a7be52f9e74d

SHA256
cf7ad4119f895ea034b7c838e9fea0f88445370d5419b9347b972e23494c123c

SHA512
86884a0412ba6676282c0f1c9d9cee57a2902a7ce234a031af9a98b9b3ffe44ca722c7148a3ceba91a0478cb97177c49f1e38e46332cfe8c72d900c8af5be14b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e44e7926f830cc07ee1aa984848c77a3

SHA1
c8c1711f83b884edc923c7c678bd1ca24d1789b0

SHA256
6fe584c90d2d9032ee6a6f24c45efc1c2e7943de162e9e2160f4f08f72385855

SHA512
322324a0ec3ebbbdb78c9810667401a29ca53cee2c5f54ba447435056a2d6aab4e4d99cf8a1fbbee3a19dd4234560a990b890c7e2d46ab58bafad333f91f6811

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fad870f5a088661557815439e15f7bca

SHA1
aa4d16039298a98e3e04b12d632b0ad2d9e36eb0

SHA256
5d3c098885e724ddc91cfc49c127f28cff53d7de8dbc1022bd7d7253c00c1391

SHA512
2e2300a7418208dcc34fe319da46d8e2dfa028afc06ec084f35f1be43a37436452dba3f4834d53d5ae301be23fa9aaa727a1c4707050ef1b4540afb50200648c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a73960ba58ba8eb3629006f5e5141589

SHA1
5693fb6a3cca3da8659c3ab45c0632834aed8d4d

SHA256
ca4939e20f43d2f7eee8d7cee4bc4d2a8fc2c5ff22d64779e84134302c79207b

SHA512
989b56511de072606e0763f07e10cb720b75bd2cc3f00da1e8e691616a05071c2589fa99f81395fa1bde4783ef2ceff1c9b3e98c683491940dace97614159347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b57174dfc21364fb9e9612710514dd44

SHA1
3fde28044750df834902157afcdee7f94a1d8a42

SHA256
78e9ea48ed1546a92b600ef99b325e4fd9d65dc6111b843b79aa5f28b3973666

SHA512
f21bc4460c4a654e601fe96973c3d0f60b7869f94132e60e61d8bc301c66340ffd979a01ecec07617aa9ef7aa2a03e1803d2a8314fef68b2c334354cfad03458

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c5d106d0420c25ab055ddbfdb59ab12

SHA1
c48a014da88f165d772fa413b8a0869b547fb924

SHA256
ed252186027aa7b30775c8845fec6a667add7c655069b26d0fbdc20098b71f1e

SHA512
37ee7edf7008db5106bbbebe967cd0699d500c965b8fd081a9cc6610556567515dc42e8dcac571913726bb25861fe17707d74b29aefe0c90d710bddd2d51168f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcaeaeeb3445e284035940b5d1fe375a

SHA1
b7967b7c9413579148fb43784bbfd13d8349ae3c

SHA256
6cba203f0d7d74a1012224e1b21c350c944aebe8203c96bbe29377aa92c76e98

SHA512
eef2965aec2ac743c75494254e577b4f5cda79086501f18bc7803a8c43e77deb05d7c0a9333da7b60dc183c3b8e671e233f0fbc7248fd932c96aec7582aaf63c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a89dc71af141e37a1430bb5ecf47ea67

SHA1
3ae86e935ba667f8ed37471715d13298b6f18912

SHA256
8e11018fae55df2bfa3b439262c41e7cb552c142770787136b2bcfc008222978

SHA512
ff63f7571e420004069b2d48cfd2b716bf35d9acd92f1c4d9a24d4a6817963a9e2e1747f712a30151393b05f50495218210585a6efa73de808771c6d41ef28fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b4439677343031b1a206ba705adbcb8

SHA1
8c05c6e5c1cb1788a386797bc65c6c45902b945e

SHA256
7f6767001481c91dc01284e03d9fae1eb74f7e0df2473c7d129a462548e61866

SHA512
790b3a50cd77bed53a0710acf448d49b0bf09691af4f7ed3b2c073dc33edbedee7a9045a16582fa7ef60ad9d1662bc48bd379e934c8e480bc30e2350e54dccc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6F2A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6FF8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit