9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0

General

Target

9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0.dll
Size

132KB
MD5

b0f3a46adf98efb3a9ac7cead9b4fc5a
SHA1

01b0ece80907f2d9e500ada1cd2d555b782dd3a2
SHA256

9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0
SHA512

22076388da1305e1a9b7ad3257fde95b81118983c95b0025b3a4c848b6703257dbaeaad3da10dab7e66c18fdb7bc015dbf08f20ad0f37543f40e5b448779b6be

Score

8^/10

Malware Config

Signatures

Blacklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

27 1644 rundll32.exe

flow	pid	process
27	1644	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 126 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000b583e5b0d51c1a9cede7d66abc4c688d555824d18c557b4811d25a7fa374dbdb000000000e80000000020000200000007471324832625c1f3d74e5f9e55cf8a53d54d207a3d3eea13afd61f71ebdc457200000005b61129850d2a2c6ff415d36e166c89aeb3a26abfcf2d1b15a1bc6bf2751c244400000006265f15a73ee1a72ead38f52640412f63fdaff34ee239baa6739be903e083fc986c67d5c15dd32cc828ededc96acbc37d3100dec31f5ed3cf3906eb0c2a30d82	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C9E7A76-3262-11EB-B59A-5EE6A97A695A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 604b95336fc6d601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60fcb45d6fc6d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6F32FB8C-3262-11EB-B59A-5EE6A97A695A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000b1ac21083c1de84d87e03934bf76ed3504eae6592a4c3c9f907af203ed9fea77000000000e80000000020000200000006bbfe6c67e63c1bba882a4cb4d8439490c9aa1ab4fcfa53f0bb80993103ac50920000000922258a41fff59988f74a71468962a8bcfa1c3ae99ee259071ba29cadf1a0501400000005463c481373e56148f4a36876e15d8d3c8d5431ec181f6f7a6854873f5ac4748c8e77162035269eb680f3b2bfe2effa50e513745a822eb877cf69106f6a11d96	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a0000000002000000000010660000000100002000000007deb45d88b0af5b21ddc0e7a3d822798ec003f99e3da286684da39610e7dbe7000000000e80000000020000200000004ff8737f46562e48a5da1a259bc4b2589fc95696fcb1bf4265bbdf98f19cc55c20000000ad12bc681bb5c9e75ab463d0113bb59a049dedf0ea6aad7a21ce5ddb2d85163840000000537e50ccf119c86e3b713e880fe340df3b5f1ed282a56cac76686f91025bf14b09373f5d715d24625abf1148488298c1ee47cea849ec263ba602364a53a99592	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66A64865-3262-11EB-B59A-5EE6A97A695A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000c11947c5f59b295bab244fb74d3e341de91e1f6f98fbac57bb0eaa728bc20ece000000000e80000000020000200000006453f9fa98c82d27541f4bbc46fe0724a81ca275ed73ec82c9c30f46753ddc7b2000000034153da15ce53ddb194e6370c3b194a84cbfe89c28efe053d848244917c4bba3400000007ccd914dd53573e54d2a94b04d72fe179eebb3c2a09f96e38f16be748756585098e5797758dae91d57c783e099a863b45f0e03ec3ef11333811f9e511d13cd34	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9007864c6fc6d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000646199f80aeb37c2707ae5a598f00d4905bd2fcd3986543b279b2bf8ca0eec77000000000e8000000002000020000000a41128c70e8a2f888abc5b28a1b97bdacf1685c9a90cf603572e4146613d14f32000000090e4395fec33e48c5a7098e46f3e0d1824ca1ac1a0ce53e259bb5407ed72f82f40000000d1ebc7ded5df52f7746c99ab9cb2fd38781350b6f791e23ba62e29baaf0bfc8b1bcdb3e529c651fd080f9d66912cd89305dea775313cf30bd1880b8fd8dadf4e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30852719"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000838e344cd34565016cb584bce93e25d6100299048263c1bfcdb87e9ce8e70c62000000000e8000000002000020000000cfd47e09fc135563985e06579cbe64c21598e5fde38a37fdc3570c366b51ed38200000007ade9b06369d003b92c1a410b3b7dca5135ad15fa6baade61dabb2fbff2e4352400000001a2f08a055b96e670c3cafff733413793641a86724bd50b33a7ad352693ba563d0b14d0d9b45b947cdc01a3dcc010d19665f901edb62c73ecd4106dff090f7a9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

2688 iexplore.exe
3268 iexplore.exe
1712 iexplore.exe
3164 iexplore.exe
2068 iexplore.exe
2756 iexplore.exe
2244 iexplore.exe
1500 iexplore.exe

Suspicious use of SetWindowsHookEx 32 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
2688	iexplore.exe
2688	iexplore.exe
200	IEXPLORE.EXE
200	IEXPLORE.EXE
3268	iexplore.exe
3268	iexplore.exe
2220	IEXPLORE.EXE
2220	IEXPLORE.EXE
1712	iexplore.exe
1712	iexplore.exe
2940	IEXPLORE.EXE
2940	IEXPLORE.EXE
3164	iexplore.exe
3164	iexplore.exe
2840	IEXPLORE.EXE
2840	IEXPLORE.EXE
2068	iexplore.exe
2068	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2756	iexplore.exe
2756	iexplore.exe
1452	IEXPLORE.EXE
1452	IEXPLORE.EXE
2244	iexplore.exe
2244	iexplore.exe
3936	IEXPLORE.EXE
3936	IEXPLORE.EXE
1500	iexplore.exe
1500	iexplore.exe
3972	IEXPLORE.EXE
3972	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 27 IoCs

Processes:

rundll32.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 3372 wrote to memory of 1644	3372	rundll32.exe	rundll32.exe
PID 3372 wrote to memory of 1644	3372	rundll32.exe	rundll32.exe
PID 3372 wrote to memory of 1644	3372	rundll32.exe	rundll32.exe
PID 2688 wrote to memory of 200	2688	iexplore.exe	IEXPLORE.EXE
PID 2688 wrote to memory of 200	2688	iexplore.exe	IEXPLORE.EXE
PID 2688 wrote to memory of 200	2688	iexplore.exe	IEXPLORE.EXE
PID 3268 wrote to memory of 2220	3268	iexplore.exe	IEXPLORE.EXE
PID 3268 wrote to memory of 2220	3268	iexplore.exe	IEXPLORE.EXE
PID 3268 wrote to memory of 2220	3268	iexplore.exe	IEXPLORE.EXE
PID 1712 wrote to memory of 2940	1712	iexplore.exe	IEXPLORE.EXE
PID 1712 wrote to memory of 2940	1712	iexplore.exe	IEXPLORE.EXE
PID 1712 wrote to memory of 2940	1712	iexplore.exe	IEXPLORE.EXE
PID 3164 wrote to memory of 2840	3164	iexplore.exe	IEXPLORE.EXE
PID 3164 wrote to memory of 2840	3164	iexplore.exe	IEXPLORE.EXE
PID 3164 wrote to memory of 2840	3164	iexplore.exe	IEXPLORE.EXE
PID 2068 wrote to memory of 2080	2068	iexplore.exe	IEXPLORE.EXE
PID 2068 wrote to memory of 2080	2068	iexplore.exe	IEXPLORE.EXE
PID 2068 wrote to memory of 2080	2068	iexplore.exe	IEXPLORE.EXE
PID 2756 wrote to memory of 1452	2756	iexplore.exe	IEXPLORE.EXE
PID 2756 wrote to memory of 1452	2756	iexplore.exe	IEXPLORE.EXE
PID 2756 wrote to memory of 1452	2756	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 3936	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 3936	2244	iexplore.exe	IEXPLORE.EXE
PID 2244 wrote to memory of 3936	2244	iexplore.exe	IEXPLORE.EXE
PID 1500 wrote to memory of 3972	1500	iexplore.exe	IEXPLORE.EXE
PID 1500 wrote to memory of 3972	1500	iexplore.exe	IEXPLORE.EXE
PID 1500 wrote to memory of 3972	1500	iexplore.exe	IEXPLORE.EXE

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3372

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0.dll,#1
2⤵
- Blacklisted process makes network request
PID:1644

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:200

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3268

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3268 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3164

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3164 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2068

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:3936

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1500

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B89CABBDDFF8EE7E973D0A6932822EA5

MD5
f7959966ec2faa5464073bbf5d5226fd

SHA1
003e15cc9cac1fef5e82012d5bc72ce6c882b906

SHA256
fb2e1e1e39d9ad9ba772401a4bb3b17e8ee5f6fb1f2d5c3fef9ded5150a49e1b

SHA512
74187d302978de0de05bcc01f6dbdf3244958a67264e025a221c42bda99bd7d65ed7d0b10403592ab17635f6982c38e9c4cdcb050a18d2c62db2ed073349d8b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08

MD5
d9a7c71f2455317845563b02c39b84c8

SHA1
ecbf1e7829878111d90e776b0deb79d33efa73b4

SHA256
c5b24a2e28e55081e315826ed0127557077434f24d5c3eff803c45aa4ef1b827

SHA512
675951ad8b62009fedd018df1c1dc00ba124d6d0564df7637955c5dc035d0f3d63367b5b2874315b549d206d0870ae6bbcf5e4faed8f6ba125123bd9326912f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B89CABBDDFF8EE7E973D0A6932822EA5

MD5
69959833dc2f34a3c15c0798583961e3

SHA1
a1e37293ac84f271946b1fc22fae79ad75313920

SHA256
4859eabc40cc623bd444161cd9d574e43ffbe0bef72d475f690170a0d2578663

SHA512
2dc5a086ac28863f8afc4308f7f5f1ac5e9d3d9cc8338214249901de40fc15071edf129f10799d28bfdf927cba958e219390497df623abc2b2435b994782cdfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08

MD5
1cc724dc3dd3ef2d2969c94ac80f79f3

SHA1
f07dab56fc2e90912ddd69ef9d866cef59eb570d

SHA256
92c5b40ff4736fbddb34ece1fc38c65380b6924fa4949a707023f03af4e7e280

SHA512
b355ea0d0b85f4469ae4391f1294b3c40eb63ba4914e11a6cdd342e9cc3c2e7e1ffecd00c2f47a4322be9500c7597ecb67f10b225f790d0694ed162a57bf3ea7

Download Submit
memory/200-4-0x0000000000000000-mapping.dmp

Download
memory/1452-13-0x0000000000000000-mapping.dmp

Download
memory/1644-3-0x0000000002CE0000-0x0000000002CF2000-memory.dmp

Filesize
72KB

Download
memory/1644-2-0x0000000000000000-mapping.dmp

Download
memory/2080-12-0x0000000000000000-mapping.dmp

Download
memory/2220-5-0x0000000000000000-mapping.dmp

Download
memory/2840-11-0x0000000000000000-mapping.dmp

Download
memory/2940-10-0x0000000000000000-mapping.dmp

Download
memory/3936-14-0x0000000000000000-mapping.dmp

Download
memory/3972-15-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads