790191b70550856b3e8ec108fdb82cd8d852822d6716ec865f21cfb5ad160b7c

General

Target

ox9.dll
Size

233KB
MD5

68cf96f4bc91628e22e1526d9728990b
SHA1

a1e1063ec8c3667e86e1afab81cb6bbea84485b3
SHA256

790191b70550856b3e8ec108fdb82cd8d852822d6716ec865f21cfb5ad160b7c
SHA512

ca6bb734df8bf35a2f3346ff5ad954ecc058a719b0eabf90d8c323b80ed6b8659cef5b5f51f65b149c48435bc396920549a72471b0cde1d70a02bf59dbf37b24

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

23 3748 rundll32.exe

flow	pid	process
23	3748	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 117 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000d9d500c6e7c3d4acf8ff3cfc6e69822603ab9a12819b3e986bf0376bd1dab121000000000e800000000200002000000019fdc32ac8dbbfe6bbb95f8655daf3a39ea12347acbababa980ceec35a0d96ba200000003d31e7fd4fc8e3353d6c18cb861d5652c36f65906c555cfb8d4509c67a94176540000000cb7289a82059aa415ca41a8e3d4306b934301ef438741d2db344aef370cce7c79a34a87d94178b6a6e4725987318016e7f99dbfe3bb75d21978d0ea5856e5dd9	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{48BAB034-452D-11EB-B59A-F648E9E4AC23} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000d350bf5044af9747c44fab16d86d4399d714cb06acd25920a03ec663e2173c1d000000000e8000000002000020000000e9d050fa404434aad78f12b50e0ac504cf787cfdfa1a8db125b1fff65cfb2b0d20000000aa09e6c742207309ffc750e3c3be07da0c26047c06cfcf840de5905a0c68cf8140000000b787c83f5edf5b54720dae8fc476fa6472ed1b3da9ef124154546801d71fe4ea724236870e502528e0a1ca1659bad1aae1658be8f9e830132628f11d276f8ba1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e057d6fb39d9d601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000004bf477daac7e45c9671da471645601bef0c64092f4a41d0516cc3de1ad2bed28000000000e80000000020000200000000e1ce26beb1750b53c7c11b98a84b1c0ac7af58ffd884ad59e26fbc212cd7f2f2000000052d6e7148217ee72433a3023b7b75c67e6e2a2ca4eda7090477565bf7098b54640000000ab3cc5697f12feb20e39084c91f2e8f6cada8136c6a1617270316f327057ecfb25e06d1fd66a20af07178771771323ac4d17d0e284e963a97367a724359c2022	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60500dd939d9d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{001F943F-452D-11EB-B59A-F648E9E4AC23} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30857529"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e4cb043ad9d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30857529"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0c7f0d839d9d601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000fafb0dc720f8f81172d03ca43ac2b364b71d648cce85f71d33d71aa94e2a4deb000000000e8000000002000020000000d0af9f99930d3ad8d04486878f13475b9c55c9c50e576800a33340815761258a20000000794559bf217dfd9e528a6e6d0738775c862d5144f2e7dbb5bc6dbccd2cf00fe840000000faf480f0930d16f31d39bec4025534e22677cae4b587e0f1cad08ab7df835fce2af6ef63cfaf3b2ed23ec2b29e83c993222a7b77ea7959f4ba7834ef4bd2f90d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3FC9DEB4-452D-11EB-B59A-F648E9E4AC23} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{37CEA03F-452D-11EB-B59A-F648E9E4AC23} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000008297a320cc7b573155b3ee59414a175b50cac7ca63f63df42bd72de0ae887f43000000000e80000000020000200000003d4995476574619072c947b1eb223d7f109621ac8c09324ef39222ce3f3cf43d200000003af317d5da39aaa10db77a527069351763683c64c628c6863d40bcfc11732fe94000000054a399183e9c31c021aa9f3e58b4a6490372f583f2e93e8f8ab7442e94a8e0aab6f96ecb17c21ca4a934cab9dcec5c58c7480d63634dc2628d8c15dc024cf4a9	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000691a07ce6e073f5ce095332872ae30ea9c7991f9bd8df38c1a4e55b47a49ec53000000000e8000000002000020000000671824efb5d2ffaefa22a52dfaf19b8f1fe1d9dbd5f7356c6850583173fac07b200000006fe7612b5ee68da7c1060a311b3dbcd8f52f93b2ba515766bcb0b24126a65a2e4000000095dd16e74ac32d98f77d792a1f5b71df1ee4a794ebaf5b96e1a24446e44f81a840580fda976de4a97d06084bd73a56613ad57c4e6271f8bb56cc619678d6ad40	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000757a1d567cbd644a95d25bf483b773571ed95c19b77e98a9e28952e4a873445e000000000e8000000002000020000000241ce2f0abf3517c495e5172c365686af66315696af1350b8ff44cf388553ea72000000064f90409b094e2f7d48304c44389a09ea9871977a7a205b0c0ca6d0cc1c9602a40000000b0da26f78cceab4348e30545c644a8501ade975abd07dead96452d014f614693682f88178028998dce8921282b7dd6566865a769a36234c83d8d7a874b6c6d3c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e00030e539d9d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

3896 iexplore.exe
4048 iexplore.exe
3484 iexplore.exe
1932 iexplore.exe
1772 iexplore.exe
1784 iexplore.exe
800 iexplore.exe

Suspicious use of SetWindowsHookEx 28 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
3896	iexplore.exe
3896	iexplore.exe
1264	IEXPLORE.EXE
1264	IEXPLORE.EXE
4048	iexplore.exe
4048	iexplore.exe
1764	IEXPLORE.EXE
1764	IEXPLORE.EXE
3484	iexplore.exe
3484	iexplore.exe
2232	IEXPLORE.EXE
2232	IEXPLORE.EXE
1932	iexplore.exe
1932	iexplore.exe
2180	IEXPLORE.EXE
2180	IEXPLORE.EXE
1772	iexplore.exe
1772	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
1784	iexplore.exe
1784	iexplore.exe
4048	IEXPLORE.EXE
4048	IEXPLORE.EXE
800	iexplore.exe
800	iexplore.exe
2236	IEXPLORE.EXE
2236	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

rundll32.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 3636 wrote to memory of 3748	3636	rundll32.exe	rundll32.exe
PID 3636 wrote to memory of 3748	3636	rundll32.exe	rundll32.exe
PID 3636 wrote to memory of 3748	3636	rundll32.exe	rundll32.exe
PID 3896 wrote to memory of 1264	3896	iexplore.exe	IEXPLORE.EXE
PID 3896 wrote to memory of 1264	3896	iexplore.exe	IEXPLORE.EXE
PID 3896 wrote to memory of 1264	3896	iexplore.exe	IEXPLORE.EXE
PID 4048 wrote to memory of 1764	4048	iexplore.exe	IEXPLORE.EXE
PID 4048 wrote to memory of 1764	4048	iexplore.exe	IEXPLORE.EXE
PID 4048 wrote to memory of 1764	4048	iexplore.exe	IEXPLORE.EXE
PID 3484 wrote to memory of 2232	3484	iexplore.exe	IEXPLORE.EXE
PID 3484 wrote to memory of 2232	3484	iexplore.exe	IEXPLORE.EXE
PID 3484 wrote to memory of 2232	3484	iexplore.exe	IEXPLORE.EXE
PID 1932 wrote to memory of 2180	1932	iexplore.exe	IEXPLORE.EXE
PID 1932 wrote to memory of 2180	1932	iexplore.exe	IEXPLORE.EXE
PID 1932 wrote to memory of 2180	1932	iexplore.exe	IEXPLORE.EXE
PID 1772 wrote to memory of 2064	1772	iexplore.exe	IEXPLORE.EXE
PID 1772 wrote to memory of 2064	1772	iexplore.exe	IEXPLORE.EXE
PID 1772 wrote to memory of 2064	1772	iexplore.exe	IEXPLORE.EXE
PID 1784 wrote to memory of 4048	1784	iexplore.exe	IEXPLORE.EXE
PID 1784 wrote to memory of 4048	1784	iexplore.exe	IEXPLORE.EXE
PID 1784 wrote to memory of 4048	1784	iexplore.exe	IEXPLORE.EXE
PID 800 wrote to memory of 2236	800	iexplore.exe	IEXPLORE.EXE
PID 800 wrote to memory of 2236	800	iexplore.exe	IEXPLORE.EXE
PID 800 wrote to memory of 2236	800	iexplore.exe	IEXPLORE.EXE

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ox9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3636

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ox9.dll,#1
2⤵
- Blocklisted process makes network request
PID:3748

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3896

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3896 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4048

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4048 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3484

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3484 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1772

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1784

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1784 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:4048

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:800

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:800 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2964

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:82945 /prefetch:2
2⤵
PID:2724

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4
MD5
953f2125a88eced630fa3f95e287b02f

SHA1
441e0e319ee73efd0621095d74e75b6a16239c48

SHA256
251e9ca5f4e6580fe9014e843ac3e054aa45d6a8e7cef4f5c7512fc31fc354fa

SHA512
b685e7d725dc2bf210c906b744445f1ad59a54a4ee251825f39b12522d98f02be49f4bce3fa1832bb7e08f8e118bfc1ed7c1bd76cb054b24223eb863103c0050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4
MD5
053d99903e9853c2a021d0bb49cdbb6c

SHA1
f0f65f12bd7646dd441f7f8015d91c16c1638ec2

SHA256
5c17997f9dc25c0df56cc98ee785b94cd6bf798becf7dc1fa2dc311063740b8b

SHA512
9b24eb62f93b24ea52193f3df88febe123c9dabdcea3493663a76a8965f4ae7c13b0ac3ef799076c57215eb13c14110d620262cb43dd2f38fab870e30aeac659

Download Submit
memory/1264-4-0x0000000000000000-mapping.dmp

Download
memory/1764-5-0x0000000000000000-mapping.dmp

Download
memory/2064-10-0x0000000000000000-mapping.dmp

Download
memory/2180-9-0x0000000000000000-mapping.dmp

Download
memory/2232-8-0x0000000000000000-mapping.dmp

Download
memory/2236-12-0x0000000000000000-mapping.dmp

Download
memory/2724-13-0x0000000000000000-mapping.dmp

Download
memory/3748-2-0x0000000000000000-mapping.dmp

Download
memory/3748-3-0x0000000002DC0000-0x0000000002DD2000-memory.dmp

Filesize
72KB

Download
memory/4048-11-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads