49207e2aea4def649b70cad208d52e728bbd648eb590367c3e10a624c8534bcf

General

Target

286bfstrategiv.exe
Size

250KB
MD5

f843a2fb25549aeeb5fd1c5e73a45036
SHA1

ee29fb5c101c2a8e1d08960ca5191dcc292a39d8
SHA256

49207e2aea4def649b70cad208d52e728bbd648eb590367c3e10a624c8534bcf
SHA512

5244f278f85ed1fdc610e88c1704182b5c45111eb02481ebaed12c3c7f41c8db04e4f57955380f3ec8710ad101bf9f85f30d6f6381e8d501fc8831243ede51f1

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 26 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exe

pid	process
1932	iexplore.exe
1932	iexplore.exe
2212	IEXPLORE.EXE
2212	IEXPLORE.EXE
3452	iexplore.exe
3452	iexplore.exe
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
3752	iexplore.exe
3752	iexplore.exe
3980	IEXPLORE.EXE
3980	IEXPLORE.EXE
1032	iexplore.exe
1032	iexplore.exe
3856	IEXPLORE.EXE
3856	IEXPLORE.EXE
3404	iexplore.exe
3404	iexplore.exe
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE
3892	iexplore.exe
3892	iexplore.exe
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
3332	iexplore.exe
3332	iexplore.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

1932 iexplore.exe
3452 iexplore.exe
3752 iexplore.exe
1032 iexplore.exe
3404 iexplore.exe
3892 iexplore.exe

Checks whether UAC is enabled 14 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 109 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb50000000002000000000010660000000100002000000071915caa7ac9924e5a081a116476d2feb465037c04232a5241c4118cb86b16a9000000000e8000000002000020000000e90adc741592ff582ad956146ecafa0069bd5051ddef2859bf87623d796428422000000075566857886fd35e7263dd92745a6c912b06a54c8ab6a9ec1c957e9df9330a72400000009fe5bb6fdd77f3a9360317e279ca251fd8603dac68c67f5f59ca30ae351d03c691ef9fe0c3658e77cd280ef7ef468de0e615700ab15189121b64ec3436a076c1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "609523738"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000059294ec2f27b4526be1bc6f4b1e2f0fbac0f7f011113d1b572474a8f72eaf34000000000e8000000002000020000000041346aec92d346b884179380d3baf96d8407891825c4cc61368f849425480d9200000006e3e9eef0b135d2228b9bd74ac10adaa8112b1186a12f2a1bf4edaac24f7f7534000000070a76ce0506cdb9fb6a937b87a18f5d7a4bafc4551e887699c7f8ecd078f0176f10aa1d9b8caa0b44b4ec1c79bbfb2434cf7f2de2587310c470179bb500e3afc	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000b9914e0a68040a0e825d1e404d41d4bf08ea24442d1ee302748e3321367d5514000000000e80000000020000200000001ab2d476fb16faa88fdb2d671b56d3c999f1243711c52584244af177bed9e26f20000000ec667f9da3eae65748504e723871408450564ffe679be5d3c911ab40d5f1891740000000852df5c7b481f731126511450d44d5179a7bc6169634855cfd2374d64a79a5b378c110a16f6ae4f56be63cd8cba2c7cb39c628542d45e5609017d32bd4735d93	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb5000000000200000000001066000000010000200000009f020b0efa9982a4ea94456b3dd64ee6459591842f7843bbb7ca960202b2d7cf000000000e8000000002000020000000845eb70fc72034b459215105997e5676c7edde907f5249f7d93f3e23b6dbf4a920000000a60bd5d36ae1803b7e5068ad994b75799318a80f05e32d1b114c01cd279f1da1400000007f4441feb688054dd295004e41036c477ec69bf1e0427c16b0544b7a880f3200a9c75efb3b6fa01a8891d1a398ee427f1ded225b3c35af274b571e7469f0a38d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb50000000002000000000010660000000100002000000076bd4e698634026fe2efa0cceb9d375dccfea95ce1c71eaa6df24569de730be6000000000e80000000020000200000001b59ff4de1a765052daf75e9d41601b49f1681033133ff09124a3d3ece915f3c20000000d6d2e4b5ccdfd72ec9992eeee691f4580d9bda8bcb5231ad108ac6553da43f9f4000000015ea045f6f94b4c8130c7deb67cfa7179c177b28c6ab8355ca00bde19a1b692c3118e05e5c9dc56b86908a9cc0554efef6d8621e3f00e8c46e1d22d7896b2b31	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4F6F14AB-D318-11EA-8770-7AEDE2F2F5F9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb500000000020000000000106600000001000020000000ea5f4c8ae3aabc5352fffde6bc5c0a30c16b43ed1097a9da2aff9412658a6bfc000000000e8000000002000020000000cc3f6285ac8a09751d0f55308879106c9490ebc0b623fc0177f34918d96724dd20000000d06d4b24b629b2b4d995c1f007a6e9dcb19f2b2709d360b621b6a3465187636f4000000009409bc60e45b8ea0f8ccf7a29113bc6a08f2ec831bc6aba3f628bc806693a5dc651a5c6d06f181bdfa18bf82eee3864f1b6f0fbb6258822e9cafde0762cad74	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70824f4f2567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "609523738"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02e473b2567d601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30614a422567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93621733-D318-11EA-8770-7AEDE2F2F5F9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909b152d2567d601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7138E648-D318-11EA-8770-7AEDE2F2F5F9} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c09657562567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30828325"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401f9b2d2567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 1932 wrote to memory of 2212	1932	iexplore.exe	IEXPLORE.EXE
PID 1932 wrote to memory of 2212	1932	iexplore.exe	IEXPLORE.EXE
PID 1932 wrote to memory of 2212	1932	iexplore.exe	IEXPLORE.EXE
PID 3452 wrote to memory of 2760	3452	iexplore.exe	IEXPLORE.EXE
PID 3452 wrote to memory of 2760	3452	iexplore.exe	IEXPLORE.EXE
PID 3452 wrote to memory of 2760	3452	iexplore.exe	IEXPLORE.EXE
PID 3752 wrote to memory of 3980	3752	iexplore.exe	IEXPLORE.EXE
PID 3752 wrote to memory of 3980	3752	iexplore.exe	IEXPLORE.EXE
PID 3752 wrote to memory of 3980	3752	iexplore.exe	IEXPLORE.EXE
PID 1032 wrote to memory of 3856	1032	iexplore.exe	IEXPLORE.EXE
PID 1032 wrote to memory of 3856	1032	iexplore.exe	IEXPLORE.EXE
PID 1032 wrote to memory of 3856	1032	iexplore.exe	IEXPLORE.EXE
PID 3404 wrote to memory of 1740	3404	iexplore.exe	IEXPLORE.EXE
PID 3404 wrote to memory of 1740	3404	iexplore.exe	IEXPLORE.EXE
PID 3404 wrote to memory of 1740	3404	iexplore.exe	IEXPLORE.EXE
PID 3892 wrote to memory of 2764	3892	iexplore.exe	IEXPLORE.EXE
PID 3892 wrote to memory of 2764	3892	iexplore.exe	IEXPLORE.EXE
PID 3892 wrote to memory of 2764	3892	iexplore.exe	IEXPLORE.EXE
PID 3332 wrote to memory of 1268	3332	iexplore.exe	IEXPLORE.EXE
PID 3332 wrote to memory of 1268	3332	iexplore.exe	IEXPLORE.EXE
PID 3332 wrote to memory of 1268	3332	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\286bfstrategiv.exe
"C:\Users\Admin\AppData\Local\Temp\286bfstrategiv.exe"
1⤵
PID:3740

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1932

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:2212

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:3452

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3452 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:2760

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:3752

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3752 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:3980

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1032

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1032 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:3856

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:3404

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3404 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:1740

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:3892

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3892 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:2764

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:3332

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3332 CREDAT:82945 /prefetch:2
2⤵
- Checks whether UAC is enabled
PID:1268

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1268-7-0x0000000000000000-mapping.dmp

Download
memory/1740-5-0x0000000000000000-mapping.dmp

Download
memory/2212-1-0x0000000000000000-mapping.dmp

Download
memory/2760-2-0x0000000000000000-mapping.dmp

Download
memory/2764-6-0x0000000000000000-mapping.dmp

Download
memory/3740-0-0x00000000001E0000-0x00000000001F7000-memory.dmp

Filesize
92KB

Download
memory/3856-4-0x0000000000000000-mapping.dmp

Download
memory/3980-3-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads