hxxp://www[.]google[.]com

Analysis

max time kernel
104s
max time network
106s
platform
windows10_x64
resource
win10v20201028
submitted
04-03-2021 13:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://www.google.com
Sample

210304-p2bxm12evs

Score

8^/10

bootkit ransomware

Malware Config

Signatures

Modifies WinLogon to allow AutoLogon 2 TTPs 1 IoCs
Enables rebooting of the machine without requiring login credentials.
ransomware bootkit

Winlogon Helper DLL
T1004

Modify Registry
T1112

Processes:

LogonUI.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked LogonUI.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked	LogonUI.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "292"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6350"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "377"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "377"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "216"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\about.google\Total = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001b83017b8c1e064e8bdd2b05c9f6e3c2000000000200000000001066000000010000200000000d7c5542b182c3c45f78dfee46256f88e55db13f9789d99c59b077e31e12ec7f000000000e80000000020000200000005da675cb058e24c4365b0d6116bf298a2459dbd0e99a90fd1d9a28f33ec46593200000002999bc576f6fa02ad5e950d7bfd51fe107489baee41643ca3a411a276cf5eda340000000d42a2d20c5e7ecccc4ed5b5fa9a5bb4a909735c5d3c922e62e7508b0e4e945be63276d409847cf6dd26432d26fd7e37e5020d21dd05021ec36cda2d8654ca483	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3487998328"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "216"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "815"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "821"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\about.google	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001b83017b8c1e064e8bdd2b05c9f6e3c200000000020000000000106600000001000020000000996b4d4f67d087503dabcc69a758a39e0a9cf2ba2f7c3a81d0c13d8a935fcd27000000000e8000000002000020000000b8f575aed8023f92e4d76513ed5225b46167a5474532c075fd2f0e86b6e01853600100001430ed81495e2c919f2f16f85a0d3bcf29d74a10f0b6fe42d5d4fa44f3fe2bfdbaeec5d128c5ea91a7442fcbe12c6b96f0ec55661a466915400977fcfb563618ba62ecd49ecd7c86feddc462af774b92c42ccaa154040630932ade35def43ea74662d5c919e28a95cb400e9975d4b1a09e1fc12698e3eea7112286e1d9119fff5d6205d5c30f3fc810fe9647689a2d52556c5617f9f0c492b2b520ee17b66385468a2c4976a2777615c04f066b105d049abbf563c4751cb2c2593bdf3f389d7d7f723e3588d974b382cbd639361fd5323f2de44b19a8fa7a8ec9e8e64d8f9a7080ee54a3266a34f4cd9abb74a4b86a84a2fd88094d76ce03ed7ddcaf5dec699ab13f39472f36a356f42e9980442ea93ae8dfbeb065d8e5091bb0d40f2ba1d760e044553cf5e1830796cc07263587a0b2caa934d7e6cf9c3f32802aca85bc59da777f65e8ce0cf7d8e8e14213e1bbf13cce7c0d5954dc312b5b72c3bc7a3905ba40000000fba7de5e1f99e6c33ac6e01e12352c1426b40aaa471d1c0110741923d174d7ff948dc41213ecd4c35e7a0c8dcf6961950c624b3ea95d09ba9ee3bf6ef00196da	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "292"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001b83017b8c1e064e8bdd2b05c9f6e3c200000000020000000000106600000001000020000000a74c0d34a1cf86b5be63e48abb1859051e92fcab4733754d05f889b45000ad04000000000e8000000002000020000000c7015af651cb4747f12c156d022ad92ce0d4ed18d27d1b7911f8e069782cddc7200000007dfa9a3edb84fc7e24b026a7c2f094e632ccf38f5cf2338e4ccf261bdc2b4ef94000000034a2d155e54ef288f4fe91a6c31cd5224d9c852eb4271f1afeaab5b8336940b02a757aaa5658ebee72710aee7db97e138103c9b5ae36c0240a9d8a405e8e8a22	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\about.google\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001b83017b8c1e064e8bdd2b05c9f6e3c2000000000200000000001066000000010000200000009cf117310e4c2f4499e9b9fdbb175c19e70f5504624483a89102726556f6e346000000000e80000000020000200000006cd80178034ec54ecf08f442c1fdde6678f40c0ef7d37b8d04930c95f0fe637660010000976332ed311fd91a461168a5048148e749d51bde00a26d3a45eac60440c6c1cf5f312b6a2794cddb8c341f51450a4220396b4a387632938053992c4502ca843fa4563ee6b3e7c25d894b4ace2fcf6baa3776bb94c3e038a4e4a9694d6aa9cedc33f41981df1bc198719897527bdb3bb594b4de5426cec15e9c922a84a8d343a2a674e5b5fea5382e198bb8fcc4920e14e36a63a1cccf52360432a5ef6faa58eded307811de67ac731c823f7de05e29ac96c70108c5c7663503031843e78fd4225f962270d95887ee77efa64de94109279599fe3aec2ae26dabf600e388338a47c6ccad5f78b499178ff16a6efbacd0a348883823d79ebea6693b6364201a43cecef19bcc46dba3c84cea8065bb979082c98698d19f815e37086ad843c255088873bb16f60878c00d61236e683ba0a232441eea2551ee83e75e7b913d191970a262ed6c660ad53608d6adc12ab4acd6636f47b44091deb2257543a10256067dff400000003e12687ffc048251125db4b8dea28746879c1f38719cdddb1b52868f5a039435c1ac0991f3ff27f2ec06400927dffe94cc8351190179bfeb1d2f3b09ac52e024	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "1107"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "821"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\about.google\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "815"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10217dcbfb10d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "118"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90867ac0fb10d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30871803"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "821"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "118"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "815"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3497529424"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "210"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\about.google\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6350"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3487998328"	iexplore.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

4020 iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

iexplore.exeIEXPLORE.EXELogonUI.exe

pid	process
4020	iexplore.exe
4020	iexplore.exe
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
644	IEXPLORE.EXE
2152	LogonUI.exe
2152	LogonUI.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 4020 wrote to memory of 644	4020	iexplore.exe	IEXPLORE.EXE
PID 4020 wrote to memory of 644	4020	iexplore.exe	IEXPLORE.EXE
PID 4020 wrote to memory of 644	4020	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4020

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4020 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:644

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3ad1055 /state1:0x41c64e6d
1⤵
- Modifies WinLogon to allow AutoLogon
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2152

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
9173ad367e52c7cc6deedbe67a402bb2

SHA1
52279887831a56dc2e8b667afb8b31133fa44bab

SHA256
1cf9ad347bf1fa48791e724498a9625ac1e8261a026e633777a13c9a4dc0784e

SHA512
adff34450cca746aaa1b9daed0b9006d959618bd40d7ddcc74d2e7dfd1c6e05a4f42ed1b6829f741a9db9acd1d3808ef09ccf666386f16a7d9184f6210ab1908

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_026B72F26B1094C30A55CD164E2E6B02
MD5
c13b39b44c8fd1581cbb88328f50ad5c

SHA1
e9650e335e4d7b2c3b5f7ab4cb5fa52c0bcb5e27

SHA256
73ab1ebff370a93a7f0ccc5af227532ba4f25b609e9f04461c76dd5007fe9182

SHA512
e9d77ebc660dea5c309c2503463f743ea2fbca2c66e1d82a4f9827779c2c87861e6bd9968f0cbf90f8823fcb4d3f0232f8d2c2ccd656000e5b9e6ac76081a547

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CC197601BE0898B7B0FCC91FA15D8A69_89435FC99EE99DE539EA4AC53DF8831C
MD5
8416b69b3d1f99dad0bfc548cd01b635

SHA1
c2b870fc83b3676d26a5214f9fdca5324e5918c1

SHA256
e7ac1b092ff04e8af7b04fc9278cc3eb8d35be9bec90b194b61f645e8169f53c

SHA512
1ac1a7c3c4b56f64e01bbe2d0e365d39f3cd8bdb92fda8a1a55dfd60c5a61dae78ff7b076541b713a297356a3f876f4549e73d962b954054665bde07d91944d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
MD5
48d7b88f7986388169c9f46bd8d48050

SHA1
f34113edae5d2fe7046d9250a019bc19cf6534cc

SHA256
679a3247b5f50991c3aef6f491cd5a5b0c55f11693a886f6a7cfed811f108cc8

SHA512
fb43568a8419777a45ebf4a6325e3c256ce0c464fc9ecb88fd924709aa0ab2b631c027fc258e66e1fc5616f4d252029d926d31b29c445c8af31e4aa70fb0d21c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
587cf0a8e02c3ed6641f20ed4e99f1fe

SHA1
3d2074e90faffecef6aea14fed5188e7d5a47e87

SHA256
881f3051a3760f1f5506d3a0bec6e244202c6d81fa5ff97c51320c3e1d402842

SHA512
0c62f29bc095f8af656c87853a9096a47fd121b13ea4955f79242bbd60f636941cfb8b4b20b9d666ed4452f0965b1951446d69751eba3a36a27edf3897d64fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_026B72F26B1094C30A55CD164E2E6B02
MD5
6672caba07facc978578b48c878e2cb7

SHA1
ae9392342371106c8435a2e201602237f2e33482

SHA256
c8f376b6212b6d028bf15ed88070c4038015e862c0767eebe3a268b993324ca5

SHA512
90982d352f1541e67e6fc093a86412e59bcfabf66552c89d9625c270a65e0411ffcf95a2a6b8fa48e7f8698f8166ed26ae063f9db181b64db905b8ed9dcd441c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CC197601BE0898B7B0FCC91FA15D8A69_89435FC99EE99DE539EA4AC53DF8831C
MD5
d73cb6b134fc0a795475d5a47bc3d4b2

SHA1
48b114edcc458da81010f6e3a064cecd4d11be42

SHA256
fd99eddf4196bf25f9c3f904de16af0c480483aab6b4d3e0a635c8c3ededb0c3

SHA512
1b545d6549c1057e602fd09473ff6497427417a31fb9ab0d9856453c76c0d42db422c3b92b2a0cb1026b0a122b317e6c11743ac6003179c7f1a046f58d9f0351

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B
MD5
e3c36779e7f1ff6f6fc84916d643d87e

SHA1
7e229ba7e5cadf3762c9c3660300f5b3cd9b1503

SHA256
1ee7b92760fb53bbb5a249293914e3eae48b194616502f84ac5830d01df3ba4d

SHA512
323927bb902818d210c3ebf74d58de29908db3318638d82cd2a3008fd6e34b26ad5e7d64ea7af998030b0a0eb82a827bd2840844b164135a8f47ff0e6c84ad78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\55D64KGT.cookie
MD5
7541c612e7c1a5935b8a5d5cc0660375

SHA1
55af510cf4d02ee5e4a11e84b4055782f1809777

SHA256
f479b61f41bc0be20ce87da4ad117bb11759f0fd6b29adc8a90a6cd8438b6930

SHA512
7b5dd3dc491d31e33de2c7b488d78b9a3b4a2eb810c52a0d645d8b1dc6ed0e88c2da31b6ce9c88105ae7bc199b260707ba39ccb51a1862c74a6e0e9a5b091805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\6UNKNZ15.cookie
MD5
0becd00d48025b319cbf91267bf7e5c7

SHA1
f12a790d3fc8ff738ae6066347afa03eb6011ab1

SHA256
8c2137f92131b4c3806dce7446bc340c8a18858006629d4ea5453e1d71d59b31

SHA512
df711f7df51e34615ecbedf6ad96b4057fdc7ff86259470dd8537bf6d28df969c05e6d95e6ab7430764e0aaf7e25d80fb04803b6d0b2f86eb8d06142b57a9964

Download Submit
memory/644-2-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads