a0827b06bad13e450aa21407068d1c34d24d8c8441647c3bc7231a507105146e

General

Target

2048replyro.exe
Size

642KB
MD5

f54d6d3b0f993aa250d69501b28ecfed
SHA1

01e176424a9d9b3f3bb1a6a607d860b3f8fc57f1
SHA256

a0827b06bad13e450aa21407068d1c34d24d8c8441647c3bc7231a507105146e
SHA512

28d6c5a560c3429e785c584bb8c9b57da41aa8224eaac767612c5f2fcd93cbd473bc26e7c878fdad501addc4b94b591581a3f5e75b7ea24eca04db22e8abdf23

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 131 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000008f3284c2d7f8831659d58ed2d404b0082be7dc5ce062b61a8c22bdf57ddc03eb000000000e800000000200002000000019f4a1b8d170b21ec895bb1b3b4d926bb490359d2de1cabd227fe9267632048620000000adc79305ed2f59ca9ac744c1bd9090a66a745e7754edbf0b9c569e81fb752392400000001d2ebf2539b5fb26ed181623c80d9633e0eb6dee68bc6c449afdb1bfaeb41673eb4c97f70aee7da0addba0a1acc78c80bdc14655178e3a07ec068c9527b40d7f	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3A01333-23AB-11EB-B59A-F6A5F321BADB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000007db7f357c21a3adbd9cccaa86fad5e5e8d3df253681ea6d9ab0b15dae4040697000000000e80000000020000200000002a4cafad72dfdb1629914a7e95b5292d8ce0cd3e614ac7694bc4e36f67d41fd42000000025c8cc71f96167d6b90c0307019bf4b1dac51f398e593c1f317819e8618b23eb40000000511e3b60e0da2457dabb6fc028eecaa514db94a7d16f7bf48193165b833273a799d1a4c3ce67e12e2b6db692935ffd63a695f912a426ef5e160c5fe346378d1b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000007e865bae514a92a2d1de64b407e9b1f2440dc8fc4881bb7596e0eccdbf6da1e6000000000e80000000020000200000006bf8e999ca73c6542bd705dd8510350c4decaa95408270aa8e699371df9c6b532000000003d50c49b70933eb42a86fd2226a11b82a53008fec749f7a9c01be2da3f22eb940000000cf574f3e26ee901706a8b8475f06bb219e2730fbddc3f84a7395e4772ff06f66e0a440ca6a197c44cb6c2d60fb106a06efa98b1edc9aa1d22bbdf3300fd21d83	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f284b6b8b7d601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b78fcab8b7d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90869cd1b8b7d601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000fff6e0c01de5340af6a9b8d4b5366be6ccda1f41e15dc7994960a5be769a02b6000000000e8000000002000020000000ace2ed88e2141f58227f4921725dba8c9bc5f9300931c07e282e9de236b3af61200000003d0cf4e6ff799955dcf6fb79ccd5214979959ce49903e7a01ae8689baeefa84640000000babf91bda2c6782e0dc358a559081c9eaa9fe241c7360739b6eec5e0559f1a3fa72ce462df54b5ad8fc75e1c8cdc9f1bc49bb2359d78e3566c65f075414a3ae1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40f18fafb8b7d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000007004c434b4af5568c2afcab36fe0a7b3c6b3a6b61ac16500e9ce597e34509de9000000000e80000000020000200000006ea5ebd1570de19f9f711bb18506182f6f2a78fd23c63ae3b99cc659fce6db82200000004d4efebd831aaed84300f4b6d97298f91e802029dade244381e4885ba6c08bee40000000a66c583e8605cebdc4bbec839fb7e0745a82f9cffdb90c70d3bd4140ce877b9ba99f3efae5ce66b10ec6b6e54cf35976cc79dd87f5c51a98c9c2f352a59ad196	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07A3AF88-23AC-11EB-B59A-F6A5F321BADB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f06b85a8b8b7d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{15AF09F1-23AC-11EB-B59A-F6A5F321BADB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30848952"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EC9CC7B6-23AB-11EB-B59A-F6A5F321BADB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000f273eb42501957cfe709817348cd5629c02c608ac454883bce29107ef5cd9cde000000000e8000000002000020000000bf1181891c49768dfec4babc47462ea968570a07295ef98026967aea7df1f8dd200000006634d306b711e83c90f86591f800b36f7785e09529ad0d942cc6e85854963a894000000027eac7d7fbde551c4c7623f2132919f2076aab76b56f722b13e695d4affd3a58ad30a754b193782552134ba037c454cb819c1ed74cf99aaecbefe475dcbdc60c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CFB444C9-23AB-11EB-B59A-F6A5F321BADB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b6a7a7b8b7d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

2460 iexplore.exe
3892 iexplore.exe
2180 iexplore.exe
3036 iexplore.exe
2024 iexplore.exe
2168 iexplore.exe
3760 iexplore.exe
3400 iexplore.exe

Suspicious use of SetWindowsHookEx 32 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
2460	iexplore.exe
2460	iexplore.exe
3268	IEXPLORE.EXE
3268	IEXPLORE.EXE
3892	iexplore.exe
3892	iexplore.exe
648	IEXPLORE.EXE
648	IEXPLORE.EXE
2180	iexplore.exe
2180	iexplore.exe
724	IEXPLORE.EXE
724	IEXPLORE.EXE
3036	iexplore.exe
3036	iexplore.exe
3700	IEXPLORE.EXE
3700	IEXPLORE.EXE
2024	iexplore.exe
2024	iexplore.exe
2232	IEXPLORE.EXE
2232	IEXPLORE.EXE
2168	iexplore.exe
2168	iexplore.exe
3888	IEXPLORE.EXE
3888	IEXPLORE.EXE
3760	iexplore.exe
3760	iexplore.exe
364	IEXPLORE.EXE
364	IEXPLORE.EXE
3400	iexplore.exe
3400	iexplore.exe
4028	IEXPLORE.EXE
4028	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 2460 wrote to memory of 3268	2460	iexplore.exe	IEXPLORE.EXE
PID 2460 wrote to memory of 3268	2460	iexplore.exe	IEXPLORE.EXE
PID 2460 wrote to memory of 3268	2460	iexplore.exe	IEXPLORE.EXE
PID 3892 wrote to memory of 648	3892	iexplore.exe	IEXPLORE.EXE
PID 3892 wrote to memory of 648	3892	iexplore.exe	IEXPLORE.EXE
PID 3892 wrote to memory of 648	3892	iexplore.exe	IEXPLORE.EXE
PID 2180 wrote to memory of 724	2180	iexplore.exe	IEXPLORE.EXE
PID 2180 wrote to memory of 724	2180	iexplore.exe	IEXPLORE.EXE
PID 2180 wrote to memory of 724	2180	iexplore.exe	IEXPLORE.EXE
PID 3036 wrote to memory of 3700	3036	iexplore.exe	IEXPLORE.EXE
PID 3036 wrote to memory of 3700	3036	iexplore.exe	IEXPLORE.EXE
PID 3036 wrote to memory of 3700	3036	iexplore.exe	IEXPLORE.EXE
PID 2024 wrote to memory of 2232	2024	iexplore.exe	IEXPLORE.EXE
PID 2024 wrote to memory of 2232	2024	iexplore.exe	IEXPLORE.EXE
PID 2024 wrote to memory of 2232	2024	iexplore.exe	IEXPLORE.EXE
PID 2168 wrote to memory of 3888	2168	iexplore.exe	IEXPLORE.EXE
PID 2168 wrote to memory of 3888	2168	iexplore.exe	IEXPLORE.EXE
PID 2168 wrote to memory of 3888	2168	iexplore.exe	IEXPLORE.EXE
PID 3760 wrote to memory of 364	3760	iexplore.exe	IEXPLORE.EXE
PID 3760 wrote to memory of 364	3760	iexplore.exe	IEXPLORE.EXE
PID 3760 wrote to memory of 364	3760	iexplore.exe	IEXPLORE.EXE
PID 3400 wrote to memory of 4028	3400	iexplore.exe	IEXPLORE.EXE
PID 3400 wrote to memory of 4028	3400	iexplore.exe	IEXPLORE.EXE
PID 3400 wrote to memory of 4028	3400	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\2048replyro.exe
"C:\Users\Admin\AppData\Local\Temp\2048replyro.exe"
1⤵
PID:492

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:82945 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3268

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3892
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3892 CREDAT:82945 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:648

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:724

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:82945 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3700

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2232

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:82945 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3888

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3760
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3760 CREDAT:82945 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:364

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3400 CREDAT:82945 /prefetch:2
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/364-7-0x0000000000000000-mapping.dmp

Download
memory/492-0-0x0000000002230000-0x0000000002246000-memory.dmp

Filesize
88KB

Download
memory/648-2-0x0000000000000000-mapping.dmp

Download
memory/724-3-0x0000000000000000-mapping.dmp

Download
memory/2232-5-0x0000000000000000-mapping.dmp

Download
memory/3268-1-0x0000000000000000-mapping.dmp

Download
memory/3700-4-0x0000000000000000-mapping.dmp

Download
memory/3888-6-0x0000000000000000-mapping.dmp

Download
memory/4028-8-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads