15ade7bdc134a60f35b87cc7b9466cc2642ec1bd39e9811a084c17ed1eab890e

General

Target

240bfstrategiv.exe
Size

250KB
MD5

3076fea5eeb8aba65550a1f63867b048
SHA1

5c458fc4dd5bef4b8b62cfd6f9fc7172aaa850ba
SHA256

15ade7bdc134a60f35b87cc7b9466cc2642ec1bd39e9811a084c17ed1eab890e
SHA512

3285813b4f25049c5bf9a23b6b15634f419a39ae3e26698806932f2b08e64e38830035b3745a55ef072e65bbc5f4ee9f79adc900fd661e0cbd1d3430d0165bc2

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 32 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
908	iexplore.exe
908	iexplore.exe
1232	IEXPLORE.EXE
1232	IEXPLORE.EXE
2712	iexplore.exe
2712	iexplore.exe
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE
1824	iexplore.exe
1824	iexplore.exe
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
3412	iexplore.exe
3412	iexplore.exe
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
1580	iexplore.exe
1580	iexplore.exe
1240	IEXPLORE.EXE
1240	IEXPLORE.EXE
300	iexplore.exe
300	iexplore.exe
3788	IEXPLORE.EXE
3788	IEXPLORE.EXE
3444	iexplore.exe
3444	iexplore.exe
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
2044	iexplore.exe
2044	iexplore.exe
764	IEXPLORE.EXE
764	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

908 iexplore.exe
2712 iexplore.exe
1824 iexplore.exe
3412 iexplore.exe
1580 iexplore.exe
300 iexplore.exe
3444 iexplore.exe
2044 iexplore.exe

Checks whether UAC is enabled 16 IoCs

Processes:

IEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 131 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B3B1BEA6-D318-11EA-8770-E6458B743175} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c7a14c2567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb5000000000200000000001066000000010000200000008ac73123c5f4b1d5d096bb3da36aec754cbec67fab189f724e71e4fe72c240e6000000000e80000000020000200000005a23d4e2b380622ea4c3f77d7341084a6a3e6ce2c1abccbb92569089eb9f092420000000b019d03d8d28a1cac3190c82944db4ae5c76ac154a0c9ca6259367c2bdf4c0fe4000000094333c3f5909fca26c6c1a865097c172be682741c45aea12e7c3cdccd4cb362c7d4fd704ed36956a393aba1adda856a6502bc9447bf22c9d92d7714e7e2dea12	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30828325"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000e8147882df4491b75a1de379aeee98d799a586e973202d0c3c31e8fc9cf28e69000000000e80000000020000200000005bfec4e583425f409fa9688b7fd20425fc151d979a0b5a78c0ee31bfdbcecbb72000000092f924a3656db51d9080d638417623240e78bcf019b1fc1cbd4ae984b4f9547740000000a497f6ef33eb843e22f1530ff0f6c556a01a21b5432f820b6f6d69c0e211e551ed58f328a888b778dd36467b3ebe79bf1addd5989db7ca23669646f8b79727b0	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000d6213c5656f435ae4d6363aa0e08be666098c054ecc89bc6dc97512f5d5bd901000000000e80000000020000200000003502d36e50cbdd05b2bfa6f7922b115d5a0b3def37cf50faa34ab9993e917d1620000000dc981fe027b26f92b9cd50ceb1f80f530b9e8e99a016f6ed137fea360873175f4000000060a77a7003f7ac2e3d739a1470d4bb3141d9a0b1fab9ccad9dee3fad95fdb266ae4dc323ee72d17103003437ddde5b3a002ef3ca0fb7fab14e9ffcfdeec007c4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000cc3780850e3c55262326eec7cc9547dc1a1f444f113a74c6cd4a9555dda5d3e6000000000e8000000002000020000000ea476d8d8d8ba73306a47f5c351747228757fe046a48917f5198f585e4f750de20000000b194955d746f279220a0db079a2f70d59ada5c6daa9689489edc5e9a392d747440000000c59ac7c4e4ebd4e9b64278579f5134b2d5990a5711ba188f13cacd8f84890c636e9a92c7144d327d0d876c86babbf8e6e42482e2506129388874ac13323a3ccf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 301197682567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{91C1C3BC-D318-11EA-8770-E6458B743175} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0529b762567d601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8ABC162F-D318-11EA-8770-E6458B743175} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000bafdf6885922a19bcbdbd514d2e16f63446b67529e2bbddabd14233132ab6aea000000000e8000000002000020000000f7ca70c9d3b0342904e4957c7ddd94f68ccc7084fb629113628be0b21d513267200000007de1875eb4ffee1060de09f301216e694b43d0df939c0a1f5d417f17b177eb9b400000007011f7d9657be35a4497a5626c2fd66854c1b85a7df7e39948d83c67350cb297593069a95e759a4489274f9aadcd056350624eba4d80f464adc87652605528a7	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4072b2542567d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{98C2AC88-D318-11EA-8770-E6458B743175} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f09ce44c2567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb5000000000200000000001066000000010000200000004dad83a374df9d0f7d75323a5d9db562003ffde08b839153551e1efa349784ac000000000e8000000002000020000000a510f0ed1dc288ba0f5145d56836fc401c76b2a7bf367c632a787c922219a54f20000000b60e744d61b13e6438887c70859411da1f21ca27a00c0390267a1832dc966ecd40000000fc7454f3bc3b19772bc57c014848ece84df91d29ce8d2b86d7161fd8bd6f60653dc379813ae24e08022cf3da40f1ad2483e7211bc25c36cbfa3d68c76cf586fb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1225990341"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 908 wrote to memory of 1232	908	iexplore.exe	IEXPLORE.EXE
PID 908 wrote to memory of 1232	908	iexplore.exe	IEXPLORE.EXE
PID 908 wrote to memory of 1232	908	iexplore.exe	IEXPLORE.EXE
PID 2712 wrote to memory of 2540	2712	iexplore.exe	IEXPLORE.EXE
PID 2712 wrote to memory of 2540	2712	iexplore.exe	IEXPLORE.EXE
PID 2712 wrote to memory of 2540	2712	iexplore.exe	IEXPLORE.EXE
PID 1824 wrote to memory of 1336	1824	iexplore.exe	IEXPLORE.EXE
PID 1824 wrote to memory of 1336	1824	iexplore.exe	IEXPLORE.EXE
PID 1824 wrote to memory of 1336	1824	iexplore.exe	IEXPLORE.EXE
PID 3412 wrote to memory of 2768	3412	iexplore.exe	IEXPLORE.EXE
PID 3412 wrote to memory of 2768	3412	iexplore.exe	IEXPLORE.EXE
PID 3412 wrote to memory of 2768	3412	iexplore.exe	IEXPLORE.EXE
PID 1580 wrote to memory of 1240	1580	iexplore.exe	IEXPLORE.EXE
PID 1580 wrote to memory of 1240	1580	iexplore.exe	IEXPLORE.EXE
PID 1580 wrote to memory of 1240	1580	iexplore.exe	IEXPLORE.EXE
PID 300 wrote to memory of 3788	300	iexplore.exe	IEXPLORE.EXE
PID 300 wrote to memory of 3788	300	iexplore.exe	IEXPLORE.EXE
PID 300 wrote to memory of 3788	300	iexplore.exe	IEXPLORE.EXE
PID 3444 wrote to memory of 1336	3444	iexplore.exe	IEXPLORE.EXE
PID 3444 wrote to memory of 1336	3444	iexplore.exe	IEXPLORE.EXE
PID 3444 wrote to memory of 1336	3444	iexplore.exe	IEXPLORE.EXE
PID 2044 wrote to memory of 764	2044	iexplore.exe	IEXPLORE.EXE
PID 2044 wrote to memory of 764	2044	iexplore.exe	IEXPLORE.EXE
PID 2044 wrote to memory of 764	2044	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\240bfstrategiv.exe
"C:\Users\Admin\AppData\Local\Temp\240bfstrategiv.exe"
1⤵
PID:4040

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:908

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:908 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:1232

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:2712

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2712 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:2540

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1824

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1824 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:1336

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:3412

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3412 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:2768

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1580

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1580 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:1240

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:300

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:300 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:3788

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:3444

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3444 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:1336

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:2044

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:764

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/764-8-0x0000000000000000-mapping.dmp

Download
memory/1232-1-0x0000000000000000-mapping.dmp

Download
memory/1240-5-0x0000000000000000-mapping.dmp

Download
memory/1336-3-0x0000000000000000-mapping.dmp

Download
memory/1336-7-0x0000000000000000-mapping.dmp

Download
memory/2540-2-0x0000000000000000-mapping.dmp

Download
memory/2768-4-0x0000000000000000-mapping.dmp

Download
memory/3788-6-0x0000000000000000-mapping.dmp

Download
memory/4040-0-0x0000000000560000-0x0000000000577000-memory.dmp

Filesize
92KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads