9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0

General

Target

9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0.dll
Size

132KB
MD5

b0f3a46adf98efb3a9ac7cead9b4fc5a
SHA1

01b0ece80907f2d9e500ada1cd2d555b782dd3a2
SHA256

9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0
SHA512

22076388da1305e1a9b7ad3257fde95b81118983c95b0025b3a4c848b6703257dbaeaad3da10dab7e66c18fdb7bc015dbf08f20ad0f37543f40e5b448779b6be

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 8 IoCs

Processes:

rundll32.exe

flow	pid	process
21	1300	rundll32.exe
22	1300	rundll32.exe
23	1300	rundll32.exe
24	1300	rundll32.exe
40	1300	rundll32.exe
41	1300	rundll32.exe
60	1300	rundll32.exe
61	1300	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 151 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90768f0bd5e7d601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000003f6c2587f2ae35282c1f398f808c37f519acad57d7dd495a4c4aefc35aa84f5f000000000e80000000020000200000005afda03e655dab22009314c323177ad1901f716c95fbd1ad128b5a7732c9d35520000000db82afeba735ab4b1a51da7b3b54527326d42ea5ce9c583b5f5636fb31451ef5400000007a80ca02bade96932b886a85a23caf3c4f733f5d7bd0ac5a4e4509f205ebe4abb3df056c3d82df049a6f07fc8532b35a64457a466deeaab275a11b5d7839a2a6	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "103962305"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30861269"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000005d42bb7f003383cf6a456c8165f3213ae50cd2e75f6295e5d2c020cc3168a20e000000000e8000000002000020000000a3737759bc0d795a4df432bf0c98692a629404480c778298e126fe6fe420ecdc20000000ceda520bc4ca29147b8a6fecd5881c3b3b119216f441fc62e6eea59bfd1766224000000012151454e52afe7bc5fae85c70eea47147b13c71382e85c81eaa607e90da76f91c5dd5f5c02fa87b3f54cf81d1102ff9cec8a09eff576d15653c7be5dc5fcba2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4FDDB147-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000ea23c6220b7e4f35627b26010f13f4b5e7e6619e92e575c0275c334e0862bd72000000000e800000000200002000000014c7354f235af5faf29110333fddfec2cf3b4f44e118f7f1d97ba5f8a4076077e00000005830860c9e7cd060d8d0df6f61ecc71439c5682d1ac32330cc8aecc8e8df7cfedbdec2322a7bb2c995fb46337d48089e8e52f90b09aa7eee3454cb596a48cf68d8560498d2f5f6cf21cc4bf3795b9a745175a4183a844c5da80d26eed856d96c06d93377bf7f0eafe254551dd61462d9e41e4f0a2297f413aa4da4fc6b2918153783433902bb67e4e0e160580006361db1c46c0adaee624a6fd51d7647cf8eb66bd234d5695c9ca9dc246267142ffed8dda73f35cb9a9cc56e5128364264c2fb11d8736aa0fd52c9e340aea495460d6887c9d90c29c662e4cebb061c30bc3d2e40000000cea7cde24ab6be34a3ba2e65566649b0e42ae76e5a53584f671b2364b03a6af3bf4e09bc5763964b17968d6676033c812a13a2f23a51e9d1f3742b974cb45663	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C5FAF53-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000dc6f43c99f75c064d645c85ab5868dae2ada6a9f5d37e704b43221480a3f5d33000000000e8000000002000020000000ef3590506c6c56b020590617f957411166d2be934e0527294244807cdc00acd7e0000000049d97addd581739b9dbcaa96fc9d43cd88ef77ba28d8ff9b307fc3c201547dc039263d1cb39d37d9e4d4efa374195a0cd9ab01035cbfb4510e7a4381bacf65e1adcfc5858a9429cad43d874e0a2844bc1af8ded1d2b9f027065c99d3bf7b3c6093f9860f07e77c69e1e73bb15b1015adc2b43d7788b20f654ee6141d48f2bc9e659fdd6737664052e690d3e7e6cd04208afd260dfcd22d28cb5bb752e2f29356aa1a688ab3113d322feb9139202d7c1cd8b5722f724d5ad89c372f834399f30e1c0a59485f48e1b62c504073bbcb8e230497c221360e41b0ca7c2ad4deb38fc400000006ca115a22f98deaf0a283354bf28a22a23468790853418345a391eaafa9cfcf3d9807080a566cb3fc26a9d0989adefc612cb36c14c0fbd0ce38afd90a18a26b1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73D307C0-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e093f9f7d4e7d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30861269"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000ea9ee381f99ebf824c4d989ca1e3053fc6852b817ac3fe9b30834295f8560557000000000e8000000002000020000000cbed3d902f4d14d128115d89de823adf9cfff9a701bd7f7908855acc92764105e00000000061064339d39f58599637a5ff4b69a06ebe1cf132b80c6dd58e137de077747e61846df4b96839172623c3aa4a41f58d16e893f41faaedb413292b410d992a6afe84bd9c4f15a3572f0aa149599a8375304a5b625caf32f41c8615f7d233d12d8687682cde7f552e194bbdcba0c777894be8376ad3010c33d5f52c78ec0aa29ce4eb455c321855213e53761ac049d1fcb83ba58d662573a3867570abc794b7946334cbe2b7206c0d7931f910f219ccb923c3c4bd4fb85ca0fcea5789c76ce4f9d8a02a8fcd1278cab0fae0aeb874704168509ebd6e7d094276a4a15d754c0567400000002b2a5642c517cfa54d22a15aeffeb683dc32d45b82eb84abe7bbb5ca57c15e2e5a2dda6e106978db57b848d467a36201b2dd1b80967e988fa43ba70ec8e41c39	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a0000000002000000000010660000000100002000000005fe99b1a31feeebaf6ca4217c14293e00b62739841f499a626afc82fc47ba38000000000e800000000200002000000027c1b15db923c3ea665c4aa27ab62be3483c765fa2726244f5de02ba752b578de0000000ed4406b52ef5b575e5e02a5b76957307b669755546609d5de118f2f56c460cd57999c78320d7db59c893871af4f7aa15c1145ce064474bd8ac791b362be5e359c8c5e4a31bee9836a09bef6a2ef12815a791d15a499e38b1046aff40944bd9a0535554fef15b228235ff9dc6d5283d80b31fc0e7530d3be84aafe656b1f93542b37c95c570756af3d51ea5453114f1e7b94eebc56cc6f13e0ebe62c5b6f22489fb3d8a5d5368b02f3c82d32b176adec1b030ceced9f39530c68abd7fe237ad857b7d71c4cd00f73ec38e96652d3ef8d3976c2469045bd39dcb902da176e3be5c400000001133e71723c355955502f819538a61981a9e8e7eb8826b5528352b45a55c098ece036609db977ec099bef19017e3a6434ef5b20d10181bfa982658f5a67f6e20	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 302fac13d5e7d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{486CBA7B-53C8-11EB-B59A-6A3FD5463AB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

804 iexplore.exe
2896 iexplore.exe
4004 iexplore.exe
508 iexplore.exe
652 iexplore.exe
3160 iexplore.exe
2512 iexplore.exe
2008 iexplore.exe

Suspicious use of SetWindowsHookEx 32 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
804	iexplore.exe
804	iexplore.exe
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE
2896	iexplore.exe
2896	iexplore.exe
1636	IEXPLORE.EXE
1636	IEXPLORE.EXE
4004	iexplore.exe
4004	iexplore.exe
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
508	iexplore.exe
508	iexplore.exe
1912	IEXPLORE.EXE
1912	IEXPLORE.EXE
652	iexplore.exe
652	iexplore.exe
948	IEXPLORE.EXE
948	IEXPLORE.EXE
3160	iexplore.exe
3160	iexplore.exe
3816	IEXPLORE.EXE
3816	IEXPLORE.EXE
2512	iexplore.exe
2512	iexplore.exe
1132	IEXPLORE.EXE
1132	IEXPLORE.EXE
2008	iexplore.exe
2008	iexplore.exe
208	IEXPLORE.EXE
208	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 27 IoCs

Processes:

rundll32.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 972 wrote to memory of 1300	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 1300	972	rundll32.exe	rundll32.exe
PID 972 wrote to memory of 1300	972	rundll32.exe	rundll32.exe
PID 804 wrote to memory of 2368	804	iexplore.exe	IEXPLORE.EXE
PID 804 wrote to memory of 2368	804	iexplore.exe	IEXPLORE.EXE
PID 804 wrote to memory of 2368	804	iexplore.exe	IEXPLORE.EXE
PID 2896 wrote to memory of 1636	2896	iexplore.exe	IEXPLORE.EXE
PID 2896 wrote to memory of 1636	2896	iexplore.exe	IEXPLORE.EXE
PID 2896 wrote to memory of 1636	2896	iexplore.exe	IEXPLORE.EXE
PID 4004 wrote to memory of 2300	4004	iexplore.exe	IEXPLORE.EXE
PID 4004 wrote to memory of 2300	4004	iexplore.exe	IEXPLORE.EXE
PID 4004 wrote to memory of 2300	4004	iexplore.exe	IEXPLORE.EXE
PID 508 wrote to memory of 1912	508	iexplore.exe	IEXPLORE.EXE
PID 508 wrote to memory of 1912	508	iexplore.exe	IEXPLORE.EXE
PID 508 wrote to memory of 1912	508	iexplore.exe	IEXPLORE.EXE
PID 652 wrote to memory of 948	652	iexplore.exe	IEXPLORE.EXE
PID 652 wrote to memory of 948	652	iexplore.exe	IEXPLORE.EXE
PID 652 wrote to memory of 948	652	iexplore.exe	IEXPLORE.EXE
PID 3160 wrote to memory of 3816	3160	iexplore.exe	IEXPLORE.EXE
PID 3160 wrote to memory of 3816	3160	iexplore.exe	IEXPLORE.EXE
PID 3160 wrote to memory of 3816	3160	iexplore.exe	IEXPLORE.EXE
PID 2512 wrote to memory of 1132	2512	iexplore.exe	IEXPLORE.EXE
PID 2512 wrote to memory of 1132	2512	iexplore.exe	IEXPLORE.EXE
PID 2512 wrote to memory of 1132	2512	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 208	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 208	2008	iexplore.exe	IEXPLORE.EXE
PID 2008 wrote to memory of 208	2008	iexplore.exe	IEXPLORE.EXE

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:972

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0.dll,#1
2⤵
- Blocklisted process makes network request
PID:1300

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:804

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:804 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4004

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4004 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:508

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:508 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:652

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:652 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:948

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3160

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3160 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3816

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:208

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/208-11-0x0000000000000000-mapping.dmp

Download
memory/948-8-0x0000000000000000-mapping.dmp

Download
memory/1132-10-0x0000000000000000-mapping.dmp

Download
memory/1300-2-0x0000000000000000-mapping.dmp

Download
memory/1300-3-0x0000000003F60000-0x0000000003F72000-memory.dmp

Filesize
72KB

Download
memory/1636-5-0x0000000000000000-mapping.dmp

Download
memory/1912-7-0x0000000000000000-mapping.dmp

Download
memory/2300-6-0x0000000000000000-mapping.dmp

Download
memory/2368-4-0x0000000000000000-mapping.dmp

Download
memory/3816-9-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads