5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80

General

Target

5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80.exe
Size

150KB
MD5

a8864ed2fc43a52cb42127c37720c88e
SHA1

96a8f93afd9c2835ee1d22ab58cdd0399bfdfc21
SHA256

5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80
SHA512

5502b38b0ca9921c9cf9c3667cef846f1f495302c89290ba7351c169cb50ad9153a7d097af9cc882a6d7353e7b118647a59a07aaa293c25dd243132f82e43deb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 131 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D927EB56-39B3-11EB-BEBD-CA79033726AB} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ccc5bdc0cdd601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01CC80EC-39B4-11EB-BEBD-CA79033726AB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d00000000020000000000106600000001000020000000ee5490fe62de4a2aafd232ff8e9d1fe087e544578cc4e9c79ca1983e173386e2000000000e8000000002000020000000ee4fd9942f41ca3507178b1eb1596b7fef0502b54808d2010612b631dcaedd20200000008325e38ad657b7a58122023eb1a3c472520ae548019dd2a8f0f75a922ffae79e400000000a9f33e1b59ad60cd16025dce852950a78cf0c822d8eec376b0a910dfe53708f04a75943285b5fed6219453502f3e19efcbfac6884aedf8ee29911f90ca24ea0	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d000000000200000000001066000000010000200000000a142a6471e6222636d3a9e834e296b9b660035b2c4fd90f2c8ae94b89d2c09c000000000e80000000020000200000000239e536427f68301ff05bf169df98cb0383cc411a916312994e8ae583ec930d20000000957f340cceda6a7870a677cb6425639081d8d613f35915e1f5f30de1074f2a4c4000000005b1568895d422b600d8de325fdc231e420cc2b7bacf7b08d1e7564c181c63d9e190b09a77b95df2796634ebab16156248e81ebe53f9aa71f07c3fbd008e8fc7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 301521d8c0cdd601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d000000000200000000001066000000010000200000007b5b5f2a31790cfb554b3dfec0d211b531ac55a2055ac567adb650dec0f641a0000000000e8000000002000020000000878e24888318dc2d04fde7e1370e9f77aadd5346fcc931e8e74d3d5fc2d18e6a20000000136d15a7bcead9921b84de906517a41e379e9c4d9fafd3ffa61bc6d4d8f6488440000000287c1338182dc3c3f6306dbfcacb53fa984e4be84f0aad23ceabf82ba204b7633f5cf4b3c3c475abea34668e34b141fdfaa6ab83c06c8dad38dd8f272f468957	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30854592"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d00000000020000000000106600000001000020000000d7664746492d325115dfb5c03e34e9d12ab73ba76ed4fed0747cf739b14d1632000000000e80000000020000200000004643ef6be6b63ef0b1cc1b7768eddcad77ce179085b48b6d783f6617bac77f6520000000da8dfa38ebfe08022fbd31496c052c1724318c992a9b8163e236aee6628d4bc340000000b3477f41be783499df215356e2c40316dcac82a17e525f6ec578828eecd22995cbf8cd00db532a0b8a7175a50127c2c32192e1feca4cf3dd39e918c3ea9f9624	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d000000000200000000001066000000010000200000000c88291adfe05812c5b9601e89b102be35200baba7b5b2a1998873f363575a17000000000e80000000020000200000008b6197d9c089e88c64e59cd5a5b974e204333ab7d1bc039ec9d835cd0a23f28d20000000ed84b629d30aea84b459bcc754f8f41e0d38b97f533d26e50547fa273d843e5c40000000b842b083fa55b49c6fb4ef69ee2b6390121cc76d76f35a5cc40613cad2b2cba540424beafc26f90c7fe5bbcb47b15375aa8b08adf44d3d769702890512f8f7bc	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d00000000020000000000106600000001000020000000d0b7c1262eabf28bc1abb21d9cc24a8242510bb53fdeb93cdf026fdf0cabb112000000000e8000000002000020000000e5f5b105a6ad8d9069acadc0dddf9412798575fd3a67c1a5819ea778ffd15de82000000071051870198852ed4253890afa38577795e7dc676d27c86ad1781a7abc2c279f4000000064387f8f08c0f34ab77c56e698478836b8134611a983932e179c7feadd17387c9af2b4e5c7f64f9e06323c11c9bd718d5fc22e441f92a97a81001a76f6c3fe0e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07e3faec0cdd601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1E1D53B-39B3-11EB-BEBD-CA79033726AB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9EB7538-39B3-11EB-BEBD-CA79033726AB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9A19200-39B3-11EB-BEBD-CA79033726AB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90d67fc6c0cdd601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A94CAA6-39B4-11EB-BEBD-CA79033726AB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

3472 iexplore.exe
2020 iexplore.exe
1100 iexplore.exe
3172 iexplore.exe
1452 iexplore.exe
2912 iexplore.exe
1372 iexplore.exe
3212 iexplore.exe

Suspicious use of SetWindowsHookEx 32 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
3472	iexplore.exe
3472	iexplore.exe
1932	IEXPLORE.EXE
1932	IEXPLORE.EXE
2020	iexplore.exe
2020	iexplore.exe
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE
1100	iexplore.exe
1100	iexplore.exe
3972	IEXPLORE.EXE
3972	IEXPLORE.EXE
3172	iexplore.exe
3172	iexplore.exe
2096	IEXPLORE.EXE
2096	IEXPLORE.EXE
1452	iexplore.exe
1452	iexplore.exe
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2912	iexplore.exe
2912	iexplore.exe
3164	IEXPLORE.EXE
3164	IEXPLORE.EXE
1372	iexplore.exe
1372	iexplore.exe
1020	IEXPLORE.EXE
1020	IEXPLORE.EXE
3212	iexplore.exe
3212	iexplore.exe
3172	IEXPLORE.EXE
3172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 3472 wrote to memory of 1932	3472	iexplore.exe	IEXPLORE.EXE
PID 3472 wrote to memory of 1932	3472	iexplore.exe	IEXPLORE.EXE
PID 3472 wrote to memory of 1932	3472	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 2716	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 2716	2020	iexplore.exe	IEXPLORE.EXE
PID 2020 wrote to memory of 2716	2020	iexplore.exe	IEXPLORE.EXE
PID 1100 wrote to memory of 3972	1100	iexplore.exe	IEXPLORE.EXE
PID 1100 wrote to memory of 3972	1100	iexplore.exe	IEXPLORE.EXE
PID 1100 wrote to memory of 3972	1100	iexplore.exe	IEXPLORE.EXE
PID 3172 wrote to memory of 2096	3172	iexplore.exe	IEXPLORE.EXE
PID 3172 wrote to memory of 2096	3172	iexplore.exe	IEXPLORE.EXE
PID 3172 wrote to memory of 2096	3172	iexplore.exe	IEXPLORE.EXE
PID 1452 wrote to memory of 2752	1452	iexplore.exe	IEXPLORE.EXE
PID 1452 wrote to memory of 2752	1452	iexplore.exe	IEXPLORE.EXE
PID 1452 wrote to memory of 2752	1452	iexplore.exe	IEXPLORE.EXE
PID 2912 wrote to memory of 3164	2912	iexplore.exe	IEXPLORE.EXE
PID 2912 wrote to memory of 3164	2912	iexplore.exe	IEXPLORE.EXE
PID 2912 wrote to memory of 3164	2912	iexplore.exe	IEXPLORE.EXE
PID 1372 wrote to memory of 1020	1372	iexplore.exe	IEXPLORE.EXE
PID 1372 wrote to memory of 1020	1372	iexplore.exe	IEXPLORE.EXE
PID 1372 wrote to memory of 1020	1372	iexplore.exe	IEXPLORE.EXE
PID 3212 wrote to memory of 3172	3212	iexplore.exe	IEXPLORE.EXE
PID 3212 wrote to memory of 3172	3212	iexplore.exe	IEXPLORE.EXE
PID 3212 wrote to memory of 3172	3212	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80.exe
"C:\Users\Admin\AppData\Local\Temp\5bd267095b25bea0d5a95b4d6c22b871056ca7b8dc137351850d6a577ba62b80.exe"
1⤵
PID:756

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3472

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3472 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1100

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:3972

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3172

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3172 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1452

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1452 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:3164

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1372

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1372 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3212

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3212 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:3172

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
MD5
a3937e7c96f6a6758d9d47b31ec2f631

SHA1
a6ddca987506ade6cff0c3fb14358c3f2e663de2

SHA256
39a093299e6413d6bb7f6daa0f69e95231e9feadab80737db6647ea98ab5d893

SHA512
56ab7a51045d426425df6858d2aaca07a9432f97bfe330e7fc7f39ebfffccf1daa62a1b012a6b5ef45271c5005a8768e3ce3c62df834670cd36159872112e208

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F250CE97E66B5257D9A750299D6D415B
MD5
1fa123da6f120237138d244b47597234

SHA1
4d06eb0ed4e8c43d2ad78436dcd810fc60570a74

SHA256
7fea4a58a5353608e13e713978bfa1d373694838c0c2bb2645293de006b13fd3

SHA512
7c75f66cee5901d34ce4f5fd21dc99b90c6d3ae6e289883ae961728f8d57b12ca360ac72576fd8b9778a15e456e592039eb614cb6294e88ef6d0f94432014e45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
MD5
b785fc07f6d85c6f90341bace7e836a4

SHA1
beafc09664627a1d2885bd74f47c54e67b05f66b

SHA256
d1a9f9caf2f92630501d3e2cfdab81a0089ae14a7beb713457f2a165534c2c0f

SHA512
302df8a8fa0dfc3c34ab988d8262ee3b4c8656f138e3e72a2f6d923fac592a48578e065e41cd6d24c7f6235090cdf98fdd540decbadb180bd53f0c65cbb2771c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F250CE97E66B5257D9A750299D6D415B
MD5
3096c17adc245f2c8a0e92eb7e189f8e

SHA1
ac4f9713dc957be45e1f9408808b7230ee79f178

SHA256
752fe04507c0df3997cf88f6902950168acaea53abb3a940c8dae414deb8d11e

SHA512
d2a575d1128008d18ac339268dc52c2f1b54e6ad2ca3965a326c6be4215883111a7a76a8b27615b932b9994a2004977498b627007213b08eac2659f7b1477e64

Download Submit
memory/756-2-0x0000000000470000-0x0000000000482000-memory.dmp

Filesize
72KB

Download
memory/1020-13-0x0000000000000000-mapping.dmp

Download
memory/1932-3-0x0000000000000000-mapping.dmp

Download
memory/2096-10-0x0000000000000000-mapping.dmp

Download
memory/2716-4-0x0000000000000000-mapping.dmp

Download
memory/2752-11-0x0000000000000000-mapping.dmp

Download
memory/3164-12-0x0000000000000000-mapping.dmp

Download
memory/3172-14-0x0000000000000000-mapping.dmp

Download
memory/3972-9-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads