0c1b2a7c804cea1d2c36dc3cfe96695e795dfea0deea47a6ba9c49c086786eb2

General

Target

206bfstrategiv.exe
Size

250KB
MD5

22f0015d5539017de1d51be7b01a0faa
SHA1

bd7730a5d89004aea516171128576ba398da32eb
SHA256

0c1b2a7c804cea1d2c36dc3cfe96695e795dfea0deea47a6ba9c49c086786eb2
SHA512

43b3e69a5c94ea443e9baaa21ec46e323179df5a60326029320caa7134f20e6564514242cc39b5f7a5115da08502264f60c33ed31b8327172446f13039261f01

Score

1^/10

Malware Config

Signatures

Checks whether UAC is enabled 16 IoCs

Processes:

IEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 3812 wrote to memory of 2316	3812	iexplore.exe	IEXPLORE.EXE
PID 3812 wrote to memory of 2316	3812	iexplore.exe	IEXPLORE.EXE
PID 3812 wrote to memory of 2316	3812	iexplore.exe	IEXPLORE.EXE
PID 500 wrote to memory of 4076	500	iexplore.exe	IEXPLORE.EXE
PID 500 wrote to memory of 4076	500	iexplore.exe	IEXPLORE.EXE
PID 500 wrote to memory of 4076	500	iexplore.exe	IEXPLORE.EXE
PID 3000 wrote to memory of 1028	3000	iexplore.exe	IEXPLORE.EXE
PID 3000 wrote to memory of 1028	3000	iexplore.exe	IEXPLORE.EXE
PID 3000 wrote to memory of 1028	3000	iexplore.exe	IEXPLORE.EXE
PID 3144 wrote to memory of 3968	3144	iexplore.exe	IEXPLORE.EXE
PID 3144 wrote to memory of 3968	3144	iexplore.exe	IEXPLORE.EXE
PID 3144 wrote to memory of 3968	3144	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 4092	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 4092	2072	iexplore.exe	IEXPLORE.EXE
PID 2072 wrote to memory of 4092	2072	iexplore.exe	IEXPLORE.EXE
PID 3876 wrote to memory of 2536	3876	iexplore.exe	IEXPLORE.EXE
PID 3876 wrote to memory of 2536	3876	iexplore.exe	IEXPLORE.EXE
PID 3876 wrote to memory of 2536	3876	iexplore.exe	IEXPLORE.EXE
PID 3496 wrote to memory of 4048	3496	iexplore.exe	IEXPLORE.EXE
PID 3496 wrote to memory of 4048	3496	iexplore.exe	IEXPLORE.EXE
PID 3496 wrote to memory of 4048	3496	iexplore.exe	IEXPLORE.EXE
PID 4044 wrote to memory of 3596	4044	iexplore.exe	IEXPLORE.EXE
PID 4044 wrote to memory of 3596	4044	iexplore.exe	IEXPLORE.EXE
PID 4044 wrote to memory of 3596	4044	iexplore.exe	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 32 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
3812	iexplore.exe
3812	iexplore.exe
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
500	iexplore.exe
500	iexplore.exe
4076	IEXPLORE.EXE
4076	IEXPLORE.EXE
3000	iexplore.exe
3000	iexplore.exe
1028	IEXPLORE.EXE
1028	IEXPLORE.EXE
3144	iexplore.exe
3144	iexplore.exe
3968	IEXPLORE.EXE
3968	IEXPLORE.EXE
2072	iexplore.exe
2072	iexplore.exe
4092	IEXPLORE.EXE
4092	IEXPLORE.EXE
3876	iexplore.exe
3876	iexplore.exe
2536	IEXPLORE.EXE
2536	IEXPLORE.EXE
3496	iexplore.exe
3496	iexplore.exe
4048	IEXPLORE.EXE
4048	IEXPLORE.EXE
4044	iexplore.exe
4044	iexplore.exe
3596	IEXPLORE.EXE
3596	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

3812 iexplore.exe
500 iexplore.exe
3000 iexplore.exe
3144 iexplore.exe
2072 iexplore.exe
3876 iexplore.exe
3496 iexplore.exe
4044 iexplore.exe

Modifies Internet Explorer settings 1 TTPs 131 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F902B962-D318-11EA-8770-E61FED94C99C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb5000000000200000000001066000000010000200000008ddc8d5607a5e391b355a713a575cd21d34b2d94f4e3045c2409dc8c8440afd2000000000e800000000200002000000009a43a3bcd6af9bd7ecc5b00ddb3eb8b4a9a2bdbf9f36e5e580e1db142f0c2d12000000097880811b45335dcc423853aad34d284dfa9376ec3a40472be98ec8c9a6bf43440000000b7022f3977d4f3cede8cab95f4f96a1fcd8097c4f305d8e0a219d779bd1096e7e1ad5aca6fa6bdfe523b1deb979c49b5137dae747094661160b7394b73caf33a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000371b1262206a54ce04574100befd789c1beae4186c531c20902e06c1e8b05826000000000e800000000200002000000076c05169ecf9c16de5a87378e52c48161d3c7913f09075957816d51c8ec6a154200000007fb5bc998591baa967485d90f6221592f65ad63da0d262df0f3aa9030b18ecc74000000067c963b63e9c1a2885d56ce3b849452f86ef17ec80d8818d7345a4ac86d06b1ab3f8e349a1bde32c501d63b1004870890480d9194b1070f543b1be507a0653a1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb5000000000200000000001066000000010000200000007ec321b6aaf11e11a0c859379446fb83b2b586fdbbbb8f8b42b78fbdbf1f8328000000000e8000000002000020000000d100b239b1f2ed7564a28418e50ee3800f819b5b90fd8b93a3d1700e33ed166420000000d17589b5258c5080605b2e19b84567770775407632f31174cfb81079eaff4b034000000094fed320fa2169e2014130d5268900120968fb61599154522494c421f52c51fa63645bad178aa1c8f1c8a8ab59803f59367f0f211012b2f3e130b05c34480955	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb50000000002000000000010660000000100002000000016c57c9ac62980fc46662453d13b463de55662eb46f6e140408e7d05a14d0305000000000e800000000200002000000003faa4693e84c510b24931cb162251395569ebe4d3969669c9752b95f8069b95200000003acc7c4889ae55fb3c5519b1f7b691dc2567e73e08c9ff2a401ce297bae6c76540000000e371bb87be20ee2325fc58e8bd98bbc66236a5be11d236164ee4c57163634e0e3c946241f0fb05ee6153855a12907fd802d6c1ab94cd7a91f83bc94b4e484f7e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f086e4992567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F1FAAA0B-D318-11EA-8770-E61FED94C99C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80451b922567d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EAEB8290-D318-11EA-8770-E61FED94C99C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30828325"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CFEBB267-D318-11EA-8770-E61FED94C99C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb5000000000200000000001066000000010000200000002197119d19b6b615e6069ac1d9379f8a08b8a221d5aebcf1fc9b5e45146a3da8000000000e80000000020000200000001bfacc085c08a11e191865e05859f71ccacd21f01b435b236a11d516d8264ecf200000004a117ae2001b2e3ea2c9f6fa08f406afde5ede07aa7151117f5242aa9f7345da40000000e92ead04bd4796546d545e93c14859f1b2aba9b117ab61150af77c0b4db984e6588fc04ca76f0ff0bfe14fe0a0090e518674ab8addcb0350cbe484dba9bf9e48	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80daecad2567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

C:\Users\Admin\AppData\Local\Temp\206bfstrategiv.exe
"C:\Users\Admin\AppData\Local\Temp\206bfstrategiv.exe"
1⤵
PID:648

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
PID:3812

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3812 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
PID:500

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:500 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4076

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
PID:3000

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
PID:3144

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3144 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:3968

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
PID:2072

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4092

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
PID:3876

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3876 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:2536

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
PID:3496

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3496 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
PID:4048

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
PID:4044

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4044 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:3596

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/648-0-0x00000000004D0000-0x00000000004E7000-memory.dmp

Filesize
92KB

Download
memory/1028-3-0x0000000000000000-mapping.dmp

Download
memory/2316-1-0x0000000000000000-mapping.dmp

Download
memory/2536-6-0x0000000000000000-mapping.dmp

Download
memory/3596-8-0x0000000000000000-mapping.dmp

Download
memory/3968-4-0x0000000000000000-mapping.dmp

Download
memory/4048-7-0x0000000000000000-mapping.dmp

Download
memory/4076-2-0x0000000000000000-mapping.dmp

Download
memory/4092-5-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads