d2bc5be85fa4fe738bb81bd513e68a4afdae6ecf97d4581acc679beb9d988a1c

General

Target

d2bc5be85fa4fe738bb81bd513e68a4afdae6ecf97d4581acc679beb9d988a1c.exe
Size

642KB
MD5

cc2b4d3ef7aada14aa05e9005e3878d6
SHA1

5275469a3c55e93e5d673e142d3530dbd0290ee0
SHA256

d2bc5be85fa4fe738bb81bd513e68a4afdae6ecf97d4581acc679beb9d988a1c
SHA512

a6545b371f42c3a9545f633a7b66805aea768f4e87ce2ff70b493827401f47f7d0acdf4598fc8bed196d06e0a6a136d683e8bac1dce2127fa1b3e09392177eeb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 146 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 207ee9cbbcb7d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2AEFD43C-23B0-11EB-BEBD-F2A78315EFE1} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d00000000020000000000106600000001000020000000a1c283e8a70d28fd05ee113d38789eed983edbf987ba2bc9ae1a818d04f2be56000000000e80000000020000200000002acbdce846ca933bcca36cd242dc71dc4442bfaac6123005cc0d30d79186e64720000000ba2fc9cea7b74bab3ca14809ed7aa9b89816e20e5df7a6638e9764334233366e40000000fc6c85cbf98e9b02b24b0cb9ed99f6b51d56f93cbf0025dd64497c736b90e1a18545b7614d9f912e585650d40511565c9bbaba06b5e2f986523e50a2e9ff0061	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d000000000200000000001066000000010000200000008da7d2e21d839c6ed9f9250f39e9a6f525a3e99975b58b30b348cc5a28648dce000000000e800000000200002000000029214fbbc96c0be7dd80efa99e4f56df5628a8fdbc8f2d43bda523a55efbc6e820000000b8d728fb8e70789b07dacadb0138babec293750677db5964e4c4ddd843a566c640000000afcbd16f03814a62bd55c3a69080e1dbc25673b3fd49ed460b5827cdfee00542bae1e1661eacd7f58040b23965dda0e0b31e203dbf2cd64ab7a50550812f6e4d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c037d2edbcb7d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d00000000020000000000106600000001000020000000eec0095f0f58eca4df39adbab2c153e2b6b774aef93896c30adaf97731d0e163000000000e8000000002000020000000d3fe3bfd0037acbb6becd4e91f94f666a91467864f4f99de81c0019d9d2b5420200000009591c26d0643e4d90ef568afe4ebe023d9cdcf461af3700d9ffdacc6f711f438400000003486a12b4d8c01a62dc0f580c5e83caa7a767bf226d0d4fad6f82e911813d982c687bcf92ed40d14039971f4f1711fc84f6ceac705b8c2c1ec14e5eaac21a777	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1005872E-23B0-11EB-BEBD-F2A78315EFE1} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d00000000020000000000106600000001000020000000222ddbd4b85da695d16ea45eb93de3166324a73a84f387b59690a500fc614a36000000000e8000000002000020000000955e8972e2f6e01be033e9eb2f791b1df5de335407ba77671a2a34cd6cfc00aa20000000bb0184fb2ae854fcc65e06d13e2dd09520aba041a04196d080974fcd9fce171e4000000083b6237528c9ef493fc27d4b72caf25693baf01d83eab2c813587cd77270a1c399df7289f37dc22d0b2147c4596970c2e8485982d7df76980d73c485e2fa0d0b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2940609394"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 005f21b0bcb7d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2940609394"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d00000000020000000000106600000001000020000000edeb70f6196a6dfd48d28e65b9d98515bfdee89b81e017df37a240ee2cf54415000000000e800000000200002000000088a8ec486a89fc6296f53b4440408df7272637976539da1cfa474ea2232b46482000000024876fe52f97fc22d548397516715f9ed5b6b3a8f9eec88430a8d1bb1078bc4d4000000036028f4167b911f5e0c83a92dd784611c72335cabdb1faca9186907e55cd8fc7fa7dbc388472049cb0a9b2ffa618b577b9ba3b8cba6c46a36461bb024c805a0e	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d00000000020000000000106600000001000020000000db636daa71d07d66425cb067bc4401c9d3453e995d09f440710f892dbb37f91d000000000e80000000020000200000006653ba61dfec1a6c5a0c01b1a0e763b09646613414291e40a62fbd1b42f2fb992000000029d9a24922a1453cb331f654ff61b3d87692fcd7033f921ce0fc64319a0aa98d400000003ba438408dc90b4879c9b5c53ecffcfa5b8981e25a158976b6940eb4e1530ce2f00d7ee9e9d26558f88890313a6e344945d233ab69888fede4b223f150ee6307	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F511B132-23AF-11EB-BEBD-F2A78315EFE1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d000000000200000000001066000000010000200000009950e93b7f2ab8ee4b40da93fe3206eed6c469143e8f826f660084231c54c083000000000e80000000020000200000006b543ca139cbb9a901e05058ad2c6ea0a3bc57877a568d7c9e6291f0685d7b4720000000c22a251020f13c60a8da6b648a36e5e774ebd72b023a267d38324a029d24f3dc4000000076f5fd9ed67186beef64cdb30aa58abc93967fb5db601b09082eee9add719c9d66f55e9a5ab62575e51513ac4c3b213bb119802c6362b2b0727ed3db2e6b2725	iexplore.exe

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid	process
3948	iexplore.exe
2376	iexplore.exe
2444	iexplore.exe
3856	iexplore.exe
3512	iexplore.exe
2448	iexplore.exe
4076	iexplore.exe
3148	iexplore.exe
3620	iexplore.exe

Suspicious use of SetWindowsHookEx 36 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
3948	iexplore.exe
3948	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2376	iexplore.exe
2376	iexplore.exe
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
2444	iexplore.exe
2444	iexplore.exe
3168	IEXPLORE.EXE
3168	IEXPLORE.EXE
3856	iexplore.exe
3856	iexplore.exe
736	IEXPLORE.EXE
736	IEXPLORE.EXE
3512	iexplore.exe
3512	iexplore.exe
3948	IEXPLORE.EXE
3948	IEXPLORE.EXE
2448	iexplore.exe
2448	iexplore.exe
2328	IEXPLORE.EXE
2328	IEXPLORE.EXE
4076	iexplore.exe
4076	iexplore.exe
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3148	iexplore.exe
3148	iexplore.exe
2636	IEXPLORE.EXE
2636	IEXPLORE.EXE
3620	iexplore.exe
3620	iexplore.exe
1632	IEXPLORE.EXE
1632	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 27 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 3948 wrote to memory of 2456	3948	iexplore.exe	IEXPLORE.EXE
PID 3948 wrote to memory of 2456	3948	iexplore.exe	IEXPLORE.EXE
PID 3948 wrote to memory of 2456	3948	iexplore.exe	IEXPLORE.EXE
PID 2376 wrote to memory of 2180	2376	iexplore.exe	IEXPLORE.EXE
PID 2376 wrote to memory of 2180	2376	iexplore.exe	IEXPLORE.EXE
PID 2376 wrote to memory of 2180	2376	iexplore.exe	IEXPLORE.EXE
PID 2444 wrote to memory of 3168	2444	iexplore.exe	IEXPLORE.EXE
PID 2444 wrote to memory of 3168	2444	iexplore.exe	IEXPLORE.EXE
PID 2444 wrote to memory of 3168	2444	iexplore.exe	IEXPLORE.EXE
PID 3856 wrote to memory of 736	3856	iexplore.exe	IEXPLORE.EXE
PID 3856 wrote to memory of 736	3856	iexplore.exe	IEXPLORE.EXE
PID 3856 wrote to memory of 736	3856	iexplore.exe	IEXPLORE.EXE
PID 3512 wrote to memory of 3948	3512	iexplore.exe	IEXPLORE.EXE
PID 3512 wrote to memory of 3948	3512	iexplore.exe	IEXPLORE.EXE
PID 3512 wrote to memory of 3948	3512	iexplore.exe	IEXPLORE.EXE
PID 2448 wrote to memory of 2328	2448	iexplore.exe	IEXPLORE.EXE
PID 2448 wrote to memory of 2328	2448	iexplore.exe	IEXPLORE.EXE
PID 2448 wrote to memory of 2328	2448	iexplore.exe	IEXPLORE.EXE
PID 4076 wrote to memory of 3020	4076	iexplore.exe	IEXPLORE.EXE
PID 4076 wrote to memory of 3020	4076	iexplore.exe	IEXPLORE.EXE
PID 4076 wrote to memory of 3020	4076	iexplore.exe	IEXPLORE.EXE
PID 3148 wrote to memory of 2636	3148	iexplore.exe	IEXPLORE.EXE
PID 3148 wrote to memory of 2636	3148	iexplore.exe	IEXPLORE.EXE
PID 3148 wrote to memory of 2636	3148	iexplore.exe	IEXPLORE.EXE
PID 3620 wrote to memory of 1632	3620	iexplore.exe	IEXPLORE.EXE
PID 3620 wrote to memory of 1632	3620	iexplore.exe	IEXPLORE.EXE
PID 3620 wrote to memory of 1632	3620	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\d2bc5be85fa4fe738bb81bd513e68a4afdae6ecf97d4581acc679beb9d988a1c.exe
"C:\Users\Admin\AppData\Local\Temp\d2bc5be85fa4fe738bb81bd513e68a4afdae6ecf97d4581acc679beb9d988a1c.exe"
1⤵
PID:3912

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3948

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3948 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2376

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:3168

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3856

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3856 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:736

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3512

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3512 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:3948

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2448

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4076

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4076 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3148

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3148 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3620

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3620 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:1632

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/736-4-0x0000000000000000-mapping.dmp

Download
memory/1632-9-0x0000000000000000-mapping.dmp

Download
memory/2180-2-0x0000000000000000-mapping.dmp

Download
memory/2328-6-0x0000000000000000-mapping.dmp

Download
memory/2456-1-0x0000000000000000-mapping.dmp

Download
memory/2636-8-0x0000000000000000-mapping.dmp

Download
memory/3020-7-0x0000000000000000-mapping.dmp

Download
memory/3168-3-0x0000000000000000-mapping.dmp

Download
memory/3912-0-0x0000000000710000-0x0000000000726000-memory.dmp

Filesize
88KB

Download
memory/3948-5-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads