hxxps://secureddoc00[.]sn[.]am/mLjRsaxPwGq

Analysis

max time kernel
97s
max time network
102s
platform
windows10_x64
resource
win10v20201028
submitted
19-01-2021 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secureddoc00.sn.am/mLjRsaxPwGq
Sample

210119-sbjk3gy1zj

Score

6^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1864 3080 WerFault.exe IEXPLORE.EXE

pid	pid_target	process	target process
1864	3080	WerFault.exe	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 66 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30862998"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d000000000200000000001066000000010000200000005e816eaae139478975db2f1375c15e83e18dd9a8cd960b7e9db3158c58008310000000000e8000000002000020000000dd4855a44799ed31bfcaa6f6949654a4ce22a9a3fca4013e8d1e41b292cc202ab0000000ddc9ebcb107b2fcb016f4c289c9b9a0e859ddd891de980289f829856beb2f9e2cb27131d382e2ae2e4ec43b26055995178e1f21c62697bc002edd94bce6f8b2c9c1d3255f23624b8fd4863770dda9da3a6b57742579f0087b58bf788601ba9c6400a9f9d14fbe428f5f4366b41e379d89b5784ea6691c958a9520bd4b07c9e172163fcc814691a5fc930b6c60e2b9d387a7854e53f8d77a386ce836ba4e4b857de257fc23ab4e81e451f99d66f861b6940000000e207881a336fe81b25b24d5aa9f9ecd5baaaf9208b748f0c61607b6d24c0131d234ea558e9485042ab23125de9a57af0011db0eb1af4cf768caef50e82c35f20	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CCA7837D-5A89-11EB-BEBD-42BBCFED91E6}.dat = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d000000000200000000001066000000010000200000008771c448054ce4d114dd5b93b44cbefe134447f252f157d045a1e4a92475055c000000000e8000000002000020000000113d1e2d2e29f3ff1cdece394d0fcc69d7b2fa8a38d6eb0b3e2e6b95f149749f2000000077778eabe452111eaa6d07308bd6314c814aedc2a68964c277bb68a9dcb9fb42400000006ab882d9164af63b2b1657f989b171c7d096247e63659b461c0474d02b44911305da9ad0733282407de0b542775b9f6bea263ab237e0b5dc5af9349122213786	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2643619266"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2570024764"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2579243567"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "317864901"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "317896893"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C4889B42-5A89-11EB-BEBD-42BBCFED91E6}.dat = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d00000000020000000000106600000001000020000000c2cb01407d54f9b31c5008af288cdda9add479d227feaaf2876ac6c1ed77b021000000000e8000000002000020000000b00fc2a5754d5360b47f75ea13588eb5ed3beed40888632a4531a4d7c50b0d5cb00000008c563e39c9e953ef3269edd3be57acf158cb087d259f26b6a15b0a91b6864ac16012a8531d74d1eecf305971fb7e7fe4aca37060d9ea10f2ab751438f5c9f65f77c5f606c56acdb1caa5b78f617af8eba3a5b0fedf2be7a9ab4d032bdb2982dd32c48e230e0d9cf341d96aee5ccd4c3b988abd2a06fed931593cf9e9c09f418f92453cc8aa1a6749dcbc5ad19d014a1b2bfcef537d66c2b5e767ff9d2559737cfea5f0637a42f8ccf7f02a2f3b4d1443400000000895deb6b16553c29b4bf6702e8dbd1b4290e3e5599648e53f05adb7d391ef2d4d003de604080483c28799dd13a92e16427333b298d1f45e2dd18eb2954cc02b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 703262ac96eed601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30862998"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2569869246"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30862998"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50ff5b8d96eed601	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d00000000020000000000106600000001000020000000831f460993f9be1de5140ba9bd92b9be8de6c87bf111e8aa39b87e9f759b6504000000000e8000000002000020000000cb729fb8e8d9bfb09dfb53e9b9a2d67b935c08d39b685950aeb66fe2d98d064b200000006b7b7273784dede7b6f6702bdcd277dc4612ded3c189d1dfd50821b44c93d8ba400000007da7c00aafc6af4cfe375832a4e001fa30eacf783409552c73268b687d7aa7b7c4f652106f90c26ee5b403bd0eea667d0c2c627fcbfcdf1a15095a9c4e2e874b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C4889B40-5A89-11EB-BEBD-42BBCFED91E6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30862998"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "317848307"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f83ea431a1a9554d9899d7aad776ea2d0000000002000000000010660000000100002000000065a572fd756deac7422c41300797556ff59edbbf9ec75417dab223adc5cbc6e8000000000e800000000200002000000073e618f4becb011294e9d079b67b961aa35d3b3931e453bf632eb237111c0ada3001000080b77ee9774fbf9e7e8e5c8c707b168bcbfcbbe697c98b313d4387bee303fe73c655acd5e2dcb17711b0a49ac38a7702a9821871d0621d7f89bbf994fde90d47b04664919b7d21b49f7dfa31192f706230d1701bae95d596f39ce42d09ae9045e05417566d5baa63f5a897a4ef73c68691baa6a937e3dbafc5f15d8fdd3e02c792238c14f5da260f7245b1da3bdd2d63612c8687c73df2900fd484b5f2ea0ae85fc0815001d28052a5b230254a7bbfe4c88083e9e51d282a531c968543f2b748f33dc728e6085f96473b646acd30fff153f639b12deb5a8a63f632c95fee90a035f7ca2916c88a0481ee91738aedb2f3b7962be1de9f2057c7791d3d6b38e66dbd5bb42fc0d2d2ceb1336caaf7a84f6df00d42f35cfc593c43f5b59faad4742d8899ae3950f8bc55be1d6ebab1a7d09040000000a11573611f8ca7bb643574cecacb7a4e4d6d98bd38cc7f7a061cd0e7662644a037bbe32fff7b46edc3722b9dd49fc9b4346c377dced30159cb2ac01906343923	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

iexplore.exeWerFault.exe

pid	process
1108	iexplore.exe
1108	iexplore.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 1864 WerFault.exe
Token: SeBackupPrivilege 1864 WerFault.exe
Token: SeDebugPrivilege 1864 WerFault.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1108 iexplore.exe

description	pid	process
Token: SeRestorePrivilege	1864	WerFault.exe
Token: SeBackupPrivilege	1864	WerFault.exe
Token: SeDebugPrivilege	1864	WerFault.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid	process
1108	iexplore.exe
1108	iexplore.exe
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3700	IEXPLORE.EXE
3700	IEXPLORE.EXE
3700	IEXPLORE.EXE
3700	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
3080	IEXPLORE.EXE
400	IEXPLORE.EXE
400	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1108 wrote to memory of 3080	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 3080	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 3080	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 3700	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 3700	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 3700	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 400	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 400	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 400	1108	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://secureddoc00.sn.am/mLjRsaxPwGq
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1108

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 3952
3⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1864

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:148482 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3700

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1108 CREDAT:148485 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:400

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
MD5
620de6f83f80e537568fcef17e2f43bb

SHA1
57061c25884c02e2480df13ded4a84326f989b96

SHA256
2fa34c01daf9dfbdb74dc03c3f377ea10fabf871bfa2640a2a694522a96e0d30

SHA512
4228e007af46c96e3f70feac59d13ff1ad9ec6bdf2176340cfe1762fcb49168cefd7930ea0b692f04fd0b65cc1358e62fb91cddf4b73fc0637d59262802f5094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
MD5
a17e7dcc10763b15af3483302b77658b

SHA1
37354de74572376e60a7163e115973f5eaff2a7a

SHA256
c403c61ad9fb9161b02665e1bfa1b73165ffb4056bdfc0f82664816f2b34dd25

SHA512
d72e40796c67068cac85209243e87fb5757f613738288fb53b18e1922671659e9a6bd705abaadb773a3f062ed1d8c9fba9ecbdab3930e793f923cb67e9465fa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
fdffdae672256d0ddb64a8751c4c05d8

SHA1
c83c5f9b2f85d5f12a0bca20bf2f524958d60e4c

SHA256
a0aa68adb045506fc5f6825987956b97ae4c49c41d6340c6929823b956f3da61

SHA512
440567471abe0409910b46f556192b8d6030aecfc91aee040685185771b3594aebfde9f296f8253e1550724157e325ea2f8973dfd210d76c4bcda876e73759d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
MD5
fcb4d489c9ab90737251a18f48549263

SHA1
ccde6e088571dc91c715fdc186e493feb60a8927

SHA256
2b5785523406dd0b92ab4f3f11e6ae62ac749589f5082356993f9b03751adbcb

SHA512
1fb18a39475afab056f2ff1958b7e78b68ef50aede26ca96386c9948b93c62a72817c7d1b7a17107a7aae0efd278b9cbfa439bbb534b9c212eab5c5bbd9841e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
MD5
c6af1496dcba3e992e974cbccca3ece9

SHA1
fd2a83ae1b7d6fd8d5d445b29313c886cf45d655

SHA256
df2ab51978780a879539b9ad4bb7323291c348a8654125520d3ac56c1fae29fd

SHA512
12d4d0a68e7a5ff385582c6667712a5e7ba48e4298bbecd8b486801e0fedaadaeb452472b1bc1f87f2a50a733ca859f35f6b828562db9e2929cf4ecfd7045612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4947B719DE3A32133AAFCFF5C64398F
MD5
7d29b464986e23566f653ede345318a7

SHA1
c7d56da5c281bc7c5b4bf4ef9c7139e1c1779eaa

SHA256
63fe9bc40a6eb43b0c362333c8fedb7f419347e79349b85f2d3d8d8322638d72

SHA512
6a1dc2b716d22573ff5170c691508b020eb3cbdd1de268c38fa476ddb1bc356b85c4ed6013f1a19c8a6b6150d7ea173002782b4e977346c2072a4f6b73e9c996

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
MD5
1a5b11021e0818c687abd43c09b77404

SHA1
166186eae4745f54393b3e4c1ba55e891462e928

SHA256
84a66c42a73fa352df00e297805aea088a1a2b7b511a917e4d3354a44c3239f9

SHA512
1bc926b45aec213ae8c0cc88ff52ff842376d3a25cf2daeec6745b50553b026ac9a08879c9e0ee3e800d3e671ce94e02cee347b8865b5c5e8ce20f9d7a20cf4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_862BA1770B2FEE013603D2FF9ABEAFDA
MD5
9524cd12450086fad73f45c0f0cafa97

SHA1
b12989311c668e0eb17992f8e774f4d5305b3044

SHA256
8bcc97b1cd3db5af6e2902081853e69758a1723c71b71640b382ea180f593e37

SHA512
d769dfa5b52960e01620222a6876be343a99e309d9a4ab38e03a16e00860e17e79b84752cf58e29bd42be10a219aa456b57698f2d39bfc37d0db802d2b38fa90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
593168e151bc4cdf52ff3eceda348129

SHA1
a3c933a70118147147aa4139f70a02f83d864ad9

SHA256
a00b6ad014cf28790b534aef23a8f892968aac81ee308d18a3ac3b7a621bca29

SHA512
b7fc5088f709ea39f565ed1f3d8e222cb51408c53409b3f6ccbf5fbbc3457415493510e562c722c19e6d73ccdd5baedd34a8f12434758c2a028a463dab4d7577

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
MD5
f8743466cc133fedcae6091b77aa4781

SHA1
0f7d92de710d686034f17eb4f27474a7e60324ff

SHA256
9ce6346473de55cc6db1472352173be08752714a9cb7534870ace8865fb6d4ba

SHA512
8447e2898865cb9abbbc98d61eee2514a96865ab2af08de67f55992ab6f05aacd2120955b6f16ef12d11f1d942f3c45ecb63358300f794819effe1a83cb7f854

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
MD5
b16e658f5a670face2661715a6d53d0b

SHA1
b64612bb61dd40fb65822546b911880a0a7f56a8

SHA256
ae909eadb58601e455aec3586ab3ee0c327f06083ac3d6d017a2b178679cd184

SHA512
beb8350091ff066bb64029133d38ee3bf4c8fce5c9729db2a0350480f386c02eeb0e949926924e4f19353734ac166acefef7b6c9ae5b416ddf3a0b5f0b1b24c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4947B719DE3A32133AAFCFF5C64398F
MD5
e339c9bb2d09d867e86a5f46036da3ca

SHA1
94d2c908857eb725b4cf88c8a23f87f5b425ddc3

SHA256
dea3e78825b3b9f6fd9cf24913ee6eb7be69b967131f710f1c2fee925ed5f8a1

SHA512
fba02860eec4551bd84117b20ab756a3cfdcc63efe012450c6b1ac9ea233b2e7de9e4e0ebd6f103cf15f9643dd4b04c8f33eab05d487820b0407fbf971745902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S7PGJ114\401[1].png
MD5
97e080437e1a7f53319b968f26936fd7

SHA1
1cdb2c00cba4c5d96d590506aaa562224b3b4fca

SHA256
3b553cd6dc92bcfd292f08c1d6da20f5dab146bb8539353fd3e0bcf3dcbebf60

SHA512
c6de36e426c27bac04e1f4fcb084f1223f95920f0a305aa588ca2a37acdb85a9889f8ae8ecf929c3ce86b6000837a32db295183638ad17d19b7e77c9580bc406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\5QZ186P6.cookie
MD5
8c9aa8d83e66fd5a63a2e2cefa6cb143

SHA1
f2234287e4a374ddf9806d76551aab340e0c8daa

SHA256
10fde912db9683f404a695591d4e7b057c0960ca03a1671af42c2d26e8c810e8

SHA512
8eabd25671a76bed01a71d552dbba324002a2f2c36352e2f13ea2bb033a582336dff60c80ae43e72abdb13236bf2054397aaca56617cdab67d94de440373c80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\NBR12CC1.cookie
MD5
4a265f40be9e6bf2ac2bf967b747db38

SHA1
8c9b7a4a61b51921e061811eb89c3f7287379c58

SHA256
43fa287b4ca305366e542181acd8aff443e7d0d8c1a24e221998c30feb17469a

SHA512
3a55da0c05b72a268aaee99ec7614d609aa73c5edeb91b4dd46b1c3cf7caf7fca01ededeed64801e15688ff7f54edda8f8c29d490d5f35268cfee1616e4744a6

Download Submit
memory/400-17-0x0000000000000000-mapping.dmp

Download
memory/1864-20-0x00000000044E0000-0x00000000044E1000-memory.dmp

Filesize
4KB

Download
memory/3080-2-0x0000000000000000-mapping.dmp

Download
memory/3700-9-0x0000000000000000-mapping.dmp

Download