ee4b2459c040e77ef8d702fe98677c4a1f3f402d04763c50f9522a0f4f8f04c6

General

Target

245bfstrategiv.exe
Size

250KB
MD5

006a81bc63231ca9aa3867ef143bff82
SHA1

02c7bb275c262c20dd4657f066f6d133e2c27a25
SHA256

ee4b2459c040e77ef8d702fe98677c4a1f3f402d04763c50f9522a0f4f8f04c6
SHA512

2e63d9c9e8fea626337f4dda0972ffdac88ba03c854d6820987ce8a4bf1e521171a0f8f313ae4ba5191902d731287a62485b36e197d807983b07cc5d339a0078

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid	process
3872	iexplore.exe
1472	iexplore.exe
396	iexplore.exe
1616	iexplore.exe
3788	iexplore.exe
1612	iexplore.exe
1076	iexplore.exe
1764	iexplore.exe
3592	iexplore.exe

Checks whether UAC is enabled 18 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 146 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f72535b3d71787499ad6028e231c2f4e000000000200000000001066000000010000200000001773fe82b6201d704955d035059006cb4a9f73aeebd243b580c77447bb38b5e1000000000e800000000200002000000077ab8120d49b12430526b8ccafaa33cbfcab850a208dc5af7b6fabf33e281e9f20000000d3aaffdd2410c29387762ee8d6c85209931fdcea643a56ca7987868f06bf667a40000000280af649ec0dcce0143e3a50d0e651982e07d76b3a3c3366de78104d7e775b16bfc2fe4cb6c7396125b6d52a97e450546aba00e645c29c5ffc3c3d430496cb1f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A5980251-D307-11EA-95F0-46C5BBD542B6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e255911467d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E268BC16-D307-11EA-95F0-46C5BBD542B6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606e69831467d601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f72535b3d71787499ad6028e231c2f4e00000000020000000000106600000001000020000000678eb2ee4b7fdca7a1e5bb19ec5fb132faa50d08fffd29e32cd742fe647d3bf7000000000e8000000002000020000000c2b95579918f8faa3349b9432a2c704b4c449b6ef8dcb66a0ff6980b7a5df25a20000000829166f382436e22a7b2937b2375ae0817a205ee67a754f3a4e6bf31016c814e40000000e321b9eef769eb017e31da962197bbd1b254d13fc724e1bcfc6a8ac1b8e075157a403d0595fae0a9964831886cdd34b271dd6ab4d597e98dc7f548fda8e02328	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1727078013"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30e27c681467d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f72535b3d71787499ad6028e231c2f4e00000000020000000000106600000001000020000000e03a96bf276fb97c7f0acb337a74f56066ce909a87f7f55f0b33ec4154f24b1e000000000e8000000002000020000000100c8f8e216c7f8634b55639fa56794a1c8e0525f9cf402a5eb49faf03d36e2220000000df58f11df66023d9f9bd8da6007ec09acd6ad8b04e2f3add879a5b9996ce1450400000008f0bb01f3aa7db4c99dd52fa3103042bf1b868dff4a9e91279457128b44c2f8a5b896efceab507580dd8674599635f49a82f95fb57540f3c734feb1b3af0d2c1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f72535b3d71787499ad6028e231c2f4e000000000200000000001066000000010000200000005d0727f86cad2441f32997e12acd9cbc5fed8dc51da230b165ddf2485ac5e827000000000e800000000200002000000036eefc5724ca0ee336a52f67f2cf891a14462d00820849dc459de2bf6f0b8760200000004f3dedc4e2c453c0aec1d7d5651870c31a875da29a4a3bd31f13fa27dbf8b31a400000003a7c7ba7a3b0315d98a1031f94017298480527d4535f13767776cc0069d07242ac1474a1308899b8dd33398a851503c7a12c0c19bfb34d38e09d508c814841ce	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 105b70761467d601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d09e4f981467d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f72535b3d71787499ad6028e231c2f4e00000000020000000000106600000001000020000000ed83e1a44c8bbd0a4944e363015f2c48704d1d10cd376040cacc6913fde43061000000000e8000000002000020000000d6fd3d19611e59b6b769735340b7229d67207922434593494812da2334861f7b200000009d337559d2b08d7d1bdffb1e1baea84fe571827d63a578afc6535e34baa1fcd7400000005e3fa4b76be58edd93d1b728f777eb6408ff35342961d884c55414d4fe4b1a91c495b9f6df983e69080e0944b0702446ec4aba0b5c46f3ca91622f9bfd7d4137	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0255c8a1467d601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B386BDE1-D307-11EA-95F0-46C5BBD542B6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00ec5ba51467d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30828308"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f72535b3d71787499ad6028e231c2f4e00000000020000000000106600000001000020000000cc0c80fabf89bcafce78d8a332d98485c83acc794dbbe60248005f3c753adf4c000000000e80000000020000200000002d8bdc7da54646a1871be321752652791331f6042274f8e576e42860a935fb1420000000ba74a2b7ddfad3f334d72ec8c85391777f3f0618a2e5858459a2f89b80306ce84000000066b3dcdc3e83edf7959461c086750040282ac319f32e20bce1b213253abdb69d1b87e531ab5dc544e048734486977f997b5d88950ac41dca111f6196ac96665a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f72535b3d71787499ad6028e231c2f4e00000000020000000000106600000001000020000000496e78f6fa910f7003414e434b35094e202c2f8921e8c282c7cb0677eaf85e78000000000e800000000200002000000013c8c17059d581d493464f9000bedfb5c77c6227b07e1af98b9080ce04173532200000004fd9bd3c963c71e4ac0dd28acaa680525c1285aa7ad740795a8c238f23815f8c400000006465417cc6cca06e153cb6632aedf3f8656657cf2ceac7aa095bf129ef94e819b97b0e48079960f80297ab8b3231a50367afa40ba4270ed9cb01c1c357930a79	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe

Suspicious use of WriteProcessMemory 27 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 3872 wrote to memory of 3308	3872	iexplore.exe	IEXPLORE.EXE
PID 3872 wrote to memory of 3308	3872	iexplore.exe	IEXPLORE.EXE
PID 3872 wrote to memory of 3308	3872	iexplore.exe	IEXPLORE.EXE
PID 1472 wrote to memory of 1552	1472	iexplore.exe	IEXPLORE.EXE
PID 1472 wrote to memory of 1552	1472	iexplore.exe	IEXPLORE.EXE
PID 1472 wrote to memory of 1552	1472	iexplore.exe	IEXPLORE.EXE
PID 396 wrote to memory of 1160	396	iexplore.exe	IEXPLORE.EXE
PID 396 wrote to memory of 1160	396	iexplore.exe	IEXPLORE.EXE
PID 396 wrote to memory of 1160	396	iexplore.exe	IEXPLORE.EXE
PID 1616 wrote to memory of 3576	1616	iexplore.exe	IEXPLORE.EXE
PID 1616 wrote to memory of 3576	1616	iexplore.exe	IEXPLORE.EXE
PID 1616 wrote to memory of 3576	1616	iexplore.exe	IEXPLORE.EXE
PID 3788 wrote to memory of 800	3788	iexplore.exe	IEXPLORE.EXE
PID 3788 wrote to memory of 800	3788	iexplore.exe	IEXPLORE.EXE
PID 3788 wrote to memory of 800	3788	iexplore.exe	IEXPLORE.EXE
PID 1612 wrote to memory of 3800	1612	iexplore.exe	IEXPLORE.EXE
PID 1612 wrote to memory of 3800	1612	iexplore.exe	IEXPLORE.EXE
PID 1612 wrote to memory of 3800	1612	iexplore.exe	IEXPLORE.EXE
PID 1076 wrote to memory of 2468	1076	iexplore.exe	IEXPLORE.EXE
PID 1076 wrote to memory of 2468	1076	iexplore.exe	IEXPLORE.EXE
PID 1076 wrote to memory of 2468	1076	iexplore.exe	IEXPLORE.EXE
PID 1764 wrote to memory of 2528	1764	iexplore.exe	IEXPLORE.EXE
PID 1764 wrote to memory of 2528	1764	iexplore.exe	IEXPLORE.EXE
PID 1764 wrote to memory of 2528	1764	iexplore.exe	IEXPLORE.EXE
PID 3592 wrote to memory of 632	3592	iexplore.exe	IEXPLORE.EXE
PID 3592 wrote to memory of 632	3592	iexplore.exe	IEXPLORE.EXE
PID 3592 wrote to memory of 632	3592	iexplore.exe	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 36 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
3872	iexplore.exe
3872	iexplore.exe
3308	IEXPLORE.EXE
3308	IEXPLORE.EXE
1472	iexplore.exe
1472	iexplore.exe
1552	IEXPLORE.EXE
1552	IEXPLORE.EXE
396	iexplore.exe
396	iexplore.exe
1160	IEXPLORE.EXE
1160	IEXPLORE.EXE
1616	iexplore.exe
1616	iexplore.exe
3576	IEXPLORE.EXE
3576	IEXPLORE.EXE
3788	iexplore.exe
3788	iexplore.exe
800	IEXPLORE.EXE
800	IEXPLORE.EXE
1612	iexplore.exe
1612	iexplore.exe
3800	IEXPLORE.EXE
3800	IEXPLORE.EXE
1076	iexplore.exe
1076	iexplore.exe
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
1764	iexplore.exe
1764	iexplore.exe
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
3592	iexplore.exe
3592	iexplore.exe
632	IEXPLORE.EXE
632	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\245bfstrategiv.exe
"C:\Users\Admin\AppData\Local\Temp\245bfstrategiv.exe"
1⤵
PID:2728

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
PID:3872

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3872 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:3308

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
PID:1472

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1472 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
PID:396

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:396 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3576

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
PID:3788

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3788 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:800

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3800

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
PID:1076

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1076 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
PID:3592

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3592 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:632

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/632-9-0x0000000000000000-mapping.dmp

Download
memory/800-5-0x0000000000000000-mapping.dmp

Download
memory/1160-3-0x0000000000000000-mapping.dmp

Download
memory/1552-2-0x0000000000000000-mapping.dmp

Download
memory/2468-7-0x0000000000000000-mapping.dmp

Download
memory/2528-8-0x0000000000000000-mapping.dmp

Download
memory/2728-0-0x0000000000560000-0x0000000000577000-memory.dmp

Filesize
92KB

Download
memory/3308-1-0x0000000000000000-mapping.dmp

Download
memory/3576-4-0x0000000000000000-mapping.dmp

Download
memory/3800-6-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads