89ff37abe56437ef578809fd40ee79001d1173b2d7a00c53ae37d7c0a4c57149

General

Target

290bfstrategiv.exe
Size

250KB
MD5

fef72d738ee3a77e25f1149eef51ce97
SHA1

977e640406a44db0011b0a0a80b12f66bcc83420
SHA256

89ff37abe56437ef578809fd40ee79001d1173b2d7a00c53ae37d7c0a4c57149
SHA512

6fa11232bc90c0751e460bb596fab883f8a855a67ca7c9f52dcb66fd7481778db75ee5820c2b1a2aca97dd4e3089a96cd83b62c0d436f40fbb9f76bb6daafc84

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 612 wrote to memory of 1280	612	iexplore.exe	IEXPLORE.EXE
PID 612 wrote to memory of 1280	612	iexplore.exe	IEXPLORE.EXE
PID 612 wrote to memory of 1280	612	iexplore.exe	IEXPLORE.EXE
PID 2900 wrote to memory of 1832	2900	iexplore.exe	IEXPLORE.EXE
PID 2900 wrote to memory of 1832	2900	iexplore.exe	IEXPLORE.EXE
PID 2900 wrote to memory of 1832	2900	iexplore.exe	IEXPLORE.EXE
PID 3684 wrote to memory of 1392	3684	iexplore.exe	IEXPLORE.EXE
PID 3684 wrote to memory of 1392	3684	iexplore.exe	IEXPLORE.EXE
PID 3684 wrote to memory of 1392	3684	iexplore.exe	IEXPLORE.EXE
PID 3844 wrote to memory of 2632	3844	iexplore.exe	IEXPLORE.EXE
PID 3844 wrote to memory of 2632	3844	iexplore.exe	IEXPLORE.EXE
PID 3844 wrote to memory of 2632	3844	iexplore.exe	IEXPLORE.EXE
PID 3956 wrote to memory of 1044	3956	iexplore.exe	IEXPLORE.EXE
PID 3956 wrote to memory of 1044	3956	iexplore.exe	IEXPLORE.EXE
PID 3956 wrote to memory of 1044	3956	iexplore.exe	IEXPLORE.EXE
PID 3768 wrote to memory of 2964	3768	iexplore.exe	IEXPLORE.EXE
PID 3768 wrote to memory of 2964	3768	iexplore.exe	IEXPLORE.EXE
PID 3768 wrote to memory of 2964	3768	iexplore.exe	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 24 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
612	iexplore.exe
612	iexplore.exe
1280	IEXPLORE.EXE
1280	IEXPLORE.EXE
2900	iexplore.exe
2900	iexplore.exe
1832	IEXPLORE.EXE
1832	IEXPLORE.EXE
3684	iexplore.exe
3684	iexplore.exe
1392	IEXPLORE.EXE
1392	IEXPLORE.EXE
3844	iexplore.exe
3844	iexplore.exe
2632	IEXPLORE.EXE
2632	IEXPLORE.EXE
3956	iexplore.exe
3956	iexplore.exe
1044	IEXPLORE.EXE
1044	IEXPLORE.EXE
3768	iexplore.exe
3768	iexplore.exe
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

612 iexplore.exe
2900 iexplore.exe
3684 iexplore.exe
3844 iexplore.exe
3956 iexplore.exe
3768 iexplore.exe

Modifies Internet Explorer settings 1 TTPs 101 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0de26552567d601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "589866209"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30828325"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{700CF22F-D318-11EA-8770-46EC98C77859} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 504623412567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb5000000000200000000001066000000010000200000005586feae0815b3fcd1a120d26e8b25df55e137bb2d663e58d8385083e6171552000000000e8000000002000020000000391473385360af5255237c67704580992287a9683c30ddc085c529a60f8d40f42000000005f051d232be8774ce7ac045508cc9f64cd57e201a8d35f8ac682273cc7ee034400000002f9885be8799164b9f5b1d2c08dc8d99f4e22815f94d328bc11d3f53340eccb9aff554ecf151f4c01c897ead387072dcba4ea54069070eaa4b59a46547b8fd27	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb5000000000200000000001066000000010000200000004549b7cfa242b03ce315cb0dff1cbcfb6e241d42868790b8489c326567c2ea1e000000000e8000000002000020000000eb4462a6cbab41221636562ea3b26b4b578f93328940307005008495bb2582352000000074f43fcb8db8be578495cc52e4b28dd852a314b7120c5a6dd9cce3224170373040000000626e17920048c394a4bb8f4b3cf48aed7e7e83db076aa8cbe423e19a54c734098279c0243bcd84bd4fc7c282cef9eabc77b3d44c6873bda9dad2b34a17376ced	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9236233E-D318-11EA-8770-46EC98C77859} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30828325"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb5000000000200000000001066000000010000200000006ba44eeda2375358019e28d3b43b0dbbadae365dd7723a085697179d8c4e1bc4000000000e8000000002000020000000069b571220c9fe447710dcb45ef9079ef9554de573b40513b4440fe322895ae220000000efe8647844bdb9645efe136f7862390edf3f47ae36bac727ebd369ab35f0bcf640000000ddddc44d54b127dc98c78daca095954447bf4a9b806db0beabe06fce5314a79715df3c6385fc4e3beb0644abfa97765a09e0ee3453cb5c060aea1859868e8967	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "589866209"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb50000000002000000000010660000000100002000000062fe95e24c3b973854cad2253af911c56f912a17900f16face3b335751efe882000000000e8000000002000020000000e6d48fe9ec6be889509edee5ca21744ad1630192ac1a962c1d1ee58fe2ec9dd020000000382e72d90b0952b68364b922925964b10b4809ddfccfdf8b7e9a510cc4398c3740000000b07149c591cdb6c0fb20029a0c67f11fc54eb514af5bd9094f4ab917b29a5e443a939ae5f85dfbe1dbc684d3de72329e4269b020e31229fdd58b6fd415b2ebd8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70496f2c2567d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B2E13AA-D318-11EA-8770-46EC98C77859} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0c5e92b2567d601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E28FCAC-D318-11EA-8770-46EC98C77859} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ab5bfb80bbcc3741b39e5dde19107bb50000000002000000000010660000000100002000000066aad4a8e45f1b682fb80065eb53f8d2332fa3d6062501919bff4b9c76d74fca000000000e8000000002000020000000c62772d343fdbd7caec6369e118d4d489dabad901d126b1b5d6c482c44f777922000000001d184ef656f5acd5bcf5cddcfd654dd061d6ee157846235ae47d90d8378e96d40000000fd3210e3440bf0b6e961c220b5206d7d7f990794cf052b56665711dd36649bfba6f1f25070b173e64bfa4467ada9d452cabdb53733f3a1741f865b94ee811ced	iexplore.exe

Checks whether UAC is enabled 12 IoCs

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\290bfstrategiv.exe
"C:\Users\Admin\AppData\Local\Temp\290bfstrategiv.exe"
1⤵
PID:1568

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
PID:612

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:612 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
PID:1280

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
PID:2900

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
PID:1832

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
PID:3684

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3684 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
PID:1392

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
PID:3844

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3844 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:2632

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
PID:3956

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3956 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
PID:1044

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
PID:3768

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3768 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:2964

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-5-0x0000000000000000-mapping.dmp

Download
memory/1280-1-0x0000000000000000-mapping.dmp

Download
memory/1392-3-0x0000000000000000-mapping.dmp

Download
memory/1568-0-0x0000000002210000-0x0000000002227000-memory.dmp

Filesize
92KB

Download
memory/1832-2-0x0000000000000000-mapping.dmp

Download
memory/2632-4-0x0000000000000000-mapping.dmp

Download
memory/2964-6-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads