d822b9e3a695e98605eb8d2830c10b89b44139759fd347d32060d4e736f610eb

General

Target

172bfstrategiv.exe
Size

250KB
MD5

692859863001c43ba4e480dec294e351
SHA1

97850b10ac5dd1fc7d3abde5b8fee427e673eeb8
SHA256

d822b9e3a695e98605eb8d2830c10b89b44139759fd347d32060d4e736f610eb
SHA512

b084fdb1fa23c1440da4c86f02c488845367db3b3c3504072e915e241b29ef773787911ee7effc218aa12328afa1498cbb8586a6b886ba6d7fcfa2f7554c53fa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 856 wrote to memory of 1052	856	iexplore.exe	IEXPLORE.EXE
PID 856 wrote to memory of 1052	856	iexplore.exe	IEXPLORE.EXE
PID 856 wrote to memory of 1052	856	iexplore.exe	IEXPLORE.EXE
PID 3560 wrote to memory of 2616	3560	iexplore.exe	IEXPLORE.EXE
PID 3560 wrote to memory of 2616	3560	iexplore.exe	IEXPLORE.EXE
PID 3560 wrote to memory of 2616	3560	iexplore.exe	IEXPLORE.EXE
PID 792 wrote to memory of 1576	792	iexplore.exe	IEXPLORE.EXE
PID 792 wrote to memory of 1576	792	iexplore.exe	IEXPLORE.EXE
PID 792 wrote to memory of 1576	792	iexplore.exe	IEXPLORE.EXE
PID 3884 wrote to memory of 1348	3884	iexplore.exe	IEXPLORE.EXE
PID 3884 wrote to memory of 1348	3884	iexplore.exe	IEXPLORE.EXE
PID 3884 wrote to memory of 1348	3884	iexplore.exe	IEXPLORE.EXE
PID 3368 wrote to memory of 3964	3368	iexplore.exe	IEXPLORE.EXE
PID 3368 wrote to memory of 3964	3368	iexplore.exe	IEXPLORE.EXE
PID 3368 wrote to memory of 3964	3368	iexplore.exe	IEXPLORE.EXE
PID 3076 wrote to memory of 3576	3076	iexplore.exe	IEXPLORE.EXE
PID 3076 wrote to memory of 3576	3076	iexplore.exe	IEXPLORE.EXE
PID 3076 wrote to memory of 3576	3076	iexplore.exe	IEXPLORE.EXE
PID 2588 wrote to memory of 3960	2588	iexplore.exe	IEXPLORE.EXE
PID 2588 wrote to memory of 3960	2588	iexplore.exe	IEXPLORE.EXE
PID 2588 wrote to memory of 3960	2588	iexplore.exe	IEXPLORE.EXE
PID 792 wrote to memory of 1180	792	iexplore.exe	IEXPLORE.EXE
PID 792 wrote to memory of 1180	792	iexplore.exe	IEXPLORE.EXE
PID 792 wrote to memory of 1180	792	iexplore.exe	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 32 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
856	iexplore.exe
856	iexplore.exe
1052	IEXPLORE.EXE
1052	IEXPLORE.EXE
3560	iexplore.exe
3560	iexplore.exe
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
792	iexplore.exe
792	iexplore.exe
1576	IEXPLORE.EXE
1576	IEXPLORE.EXE
3884	iexplore.exe
3884	iexplore.exe
1348	IEXPLORE.EXE
1348	IEXPLORE.EXE
3368	iexplore.exe
3368	iexplore.exe
3964	IEXPLORE.EXE
3964	IEXPLORE.EXE
3076	iexplore.exe
3076	iexplore.exe
3576	IEXPLORE.EXE
3576	IEXPLORE.EXE
2588	iexplore.exe
2588	iexplore.exe
3960	IEXPLORE.EXE
3960	IEXPLORE.EXE
792	iexplore.exe
792	iexplore.exe
1180	IEXPLORE.EXE
1180	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

856 iexplore.exe
3560 iexplore.exe
792 iexplore.exe
3884 iexplore.exe
3368 iexplore.exe
3076 iexplore.exe
2588 iexplore.exe
792 iexplore.exe

Checks whether UAC is enabled 16 IoCs

Processes:

IEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 131 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{21A2403A-D319-11EA-8770-7AA6CCA87771} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2911405781"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000aca7066993e1965c712f75b6b368ee165a0634fad28be8862b412581c3a10589000000000e8000000002000020000000efda47a29a26b608147b05518e33699dce760656071858a62dddadd5509abf8a20000000c456228ccaec4dec7f2c61f547af9b33f44bf80304a4bcb9de145974acef649f40000000eac40b53135c8b0d822e9875615d31ed63dc561da820a03c130f5efb66d195150f862ebe9f45bedc8c75b0175fd5960f394f16e079e046e15804df96c3113f83	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2911405781"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb50000000002000000000010660000000100002000000042514c17bdd1ae49a84b73435f00e19b5b1add4bb95c235af33e0d39e08e50cf000000000e80000000020000200000004986a09a5b8422e8ac94ee81547cd183ba9b07666f4aafd1c2579ee2b2d41e35200000004ea861e1d135ef03421eac13bedc63b2b412d168ce8aa9f289488b0dc6b8d589400000001fdd99daf02f952bc9715f5c9ea1831f16d57ed085a68f82163106128cf3595d364af0f142958af661b1a96896900949ae049fcace3fbfdf77880d7b8390e860	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20548cd62567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb5000000000200000000001066000000010000200000006190db0153cec0af04b7cd5a33dbf7099ac390ba7e195ecfc5a47e6b95fc893f000000000e8000000002000020000000a4f3b704d1af71bd77e46c7a9c064dab708ec3fcb1b9fbfb89de5567bed990822000000032cd3e386b2cff0f185bd75c50076f75842b3eedfc4f149f858a889e019e3b0e400000006ded08cdf257b0de8acfaefc45e505f8208c85ceb22284bcefe0185c7917b07d5cb872d68628468c6aa9531f1060f0793b3a00a38d7d0863cc15b9c485b50777	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000092ee992f06b06636a0c311ba05d751b0005053fe321cbe51f8357b52a55341d000000000e8000000002000020000000321f86998d48f9385f0b7c68f7f9b564a9562e688a7799df042fe7f31bf65dd22000000054df36c27189963c08937cd407b25f574bbfc95618eb4c613e70e64dec0629a940000000de423c7bccb6548cdf2b3fa0ac2edafffc2d924abdbcf874e559f45a8c11ca73094b78be89fc36e9a07d3be430bf25ca51fc00f6be60525307d61f7005003d48	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 900084c22567d601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000f23d341f5e46cf85ad3ef0050d9ea3d23ffb95b39b9a0f9c2b2a89343830f88f000000000e8000000002000020000000a6df97016b6041e4325b23c207de68565a01682da0ec4cc03d4d529180d0b9dd20000000851208e75beabe3e41522dd6e51b308c1b7b8bb6fee17eb95276b65932eaaaab40000000c072046a6a4c114093af49fa05e7e78dbbb03171097f84fc8c64a197c9fea5633e56308bc0a8509dfe7d3807a0e9498a00b6739d9571a20a977cc85f500fcfb5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF90E60B-D318-11EA-8770-7AA6CCA87771} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C939BE0-D319-11EA-8770-7AA6CCA87771} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F88FFE2A-D318-11EA-8770-7AA6CCA87771} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 405d7ebb2567d601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

C:\Users\Admin\AppData\Local\Temp\172bfstrategiv.exe
"C:\Users\Admin\AppData\Local\Temp\172bfstrategiv.exe"
1⤵
PID:3096

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:856

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:1052

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:3560

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3560 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:2616

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:792

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:792 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:1576

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:3884

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3884 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:1348

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:3368

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3368 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:3964

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:3076

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3076 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:3576

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:2588

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:3960

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:792

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:792 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:1180

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1052-1-0x0000000000000000-mapping.dmp

Download
memory/1180-8-0x0000000000000000-mapping.dmp

Download
memory/1348-4-0x0000000000000000-mapping.dmp

Download
memory/1576-3-0x0000000000000000-mapping.dmp

Download
memory/2616-2-0x0000000000000000-mapping.dmp

Download
memory/3096-0-0x0000000000590000-0x00000000005A7000-memory.dmp

Filesize
92KB

Download
memory/3576-6-0x0000000000000000-mapping.dmp

Download
memory/3960-7-0x0000000000000000-mapping.dmp

Download
memory/3964-5-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads