hxxps://exitmagall[.]xyz/iduew73

Analysis

max time kernel
141s
max time network
137s
platform
windows7_x64
resource
win7v20210408
submitted
01-07-2021 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://exitmagall.xyz/iduew73
Sample

210701-vjg5t6h6ma

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 50 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000529101d5c9814b4eb0f580b37542e4500000000002000000000010660000000100002000000014268513d776aa7d992dfd7ff53a2f08d1ef6285d682f38e5cf51bda7cce8bac000000000e800000000200002000000059a0db2e00bb82bc0ef62cc5caa11e8bd94d550ebe3c00fc63dd7ac2c0b101a29000000054f35d98200b1ddb5994cd06260e76c9b72a13be31932f95252fcd301ebf956588a6d337df5aadf637bff87d4d9aea707acf02b111f70d6359dad4e79f863b5b3988ac9c900733d28ab6d20e0d5d86159441945496808f1e54b0ed6bc447b25ce06ba866f34e4ac8f0c7772a0570667a03593e3a4ae982a5a7d497f64c9badee8843cb945146a00c555976cc186054d640000000978d5d75c0d8576b13cdcb2ed20ca9a8c744c8f3f631d11997886f8692d1eac01ebdf1cb3ae86d4ab03ad4f80a54e61e3529f2ff3541b523e14000743988d186	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000529101d5c9814b4eb0f580b37542e450000000000200000000001066000000010000200000003cdfed2ec317580e5045223a3183b646d024f305e72c62eb40d66443b7a47078000000000e8000000002000020000000bd4073088f98f2173c80754af562b11af35a2f088a927bf2f381ba1829189223d0040000ace3ed15dd8f4cec9b3625a25cb8042385984f849daa6345308dcdc5286ec606f9211f4b9f3c53d3b9561750f7e89d8d8f1d5c8ee3c1cc4c9f51b1316a04e33f6f6c69fecb35849c29ad36661729ac8191ab35f2a0e82a76782760adaa19a617c433fbab610037229494655615093b532fa70c098bfa5c4de8b7947845f64707ada2bd5b4896b30111068d941d117c9ac159ff3c0ed7b11e1e6d44e3c929ca7c9500221f6003d32e66c35c5a8412211a9b4cc7d208095e82a00ce66b09ae0808685fcbb4af6432b55edf455aa79699fb4f96b1cf623f84ce3c4c156425e6b9eb6a469b6e1076805c338930600e856273e4257af0d191248b5c2141c9465e6ee6875d6716761f13633efca56e450ac0cdc76fa3858e7d03443ef76ceade71822bfe428dafab67bbbb407086e8c32235e5783e2b28346b0316639fd1983ffdd13b59e01f6df7c49c4f99cd54e60c18043efd5ebce7c3f2357991c90715be39e6332e34b7ffbf0b0024bae0dd39e59d82e95052c41cf0bbb6b15f653ab4bec0919e329abc2159ba698d1b03726914a2622d91c8ea9b1ec936c27da4149725fd6fd0e058054ae877bebf84022728b143b50a2a2915b2cc60d23bdd0e1c4e39dbbb49c4d7ac079636907c5660bdfa238233475186a3e27a57da1d147d8b03a83a67fa50cc78c38346ba821270e47f6d13e51e9174f842f4c356dc7ec0e56f1daf3d0d52ab95443c8390d96fa360c49a95857b64688cdc95885a94dad2f82bf8f5f5619e78c68809f7c2f9a820f4c08f08a84a36a2a8568f0bd38f9e546b3e56811cf24fae4989ede9258392dc3759f9ab4ef8e22cb418cf6d21adccb32461f82c1a2dff746b77c4e31c854a9a2ed2932ef4dfa49007f41f980eef27fc397c17e5e95d627840b064fd160e1ec4920a0eac263200b98c519844fd4df65e511d4d121525caab60da7ad64ece303f8fbf70b3165e1626a148f9d1e6cfece0ef78da0d8989149ee6ed59d3ffc1494f0fc3e45648b5bdebd50746fffed152e2d44b24e2b9b0be891f39f5cb4b29434deba4e7004caf2d061886e01949272952a067621605a996661d6145e747568e41749145b28dd45419373eee83c1299555209898de4b6cd0db62df2dbdd25970f7eec51ad5b031e78136e7f04d213c6e0cd25c286d937f6d91d788d9e52569d00b3a248226e1d0652f8726519433861a0426ed4dc2ecfbe552b7dd914824f87164e9abe72ec8e2ddd1a13d6539fbf61446ac246c06e5b75ba5c2e60ad160b76702817c4c87fddb14d8e4aa63423d4d0b803c5c42d7e5c1140a5edf427c29eb6efdbd3d8fcfd52a8873b61ad3b88b78e8e60eac4768cc7b9372e39444a76125ec446783f17d34bd3ab9df1c4524e1473d9adfa34705870e117d6e74293a6cfbff619d8bbb13d142cd2de67821a5181fd1ae3da97c1e4ec006e86daa0fb1cca1fa6cac127a80a16cb616463c71856903d63d1f27b4c818abcb7fa305218cb77d5e80c45ebeaf00c19e5f48efea19bcaec156fb061084e9a279af34950c76e3115840baef25848f4311228209c8229ef0e737c1f5930ad8544cacc4e76eead47cc4e32a2c31c331560af9eae11a64625851a3cff437b28c3cc77d0ebb615d6f4dbdf8a7fee7b8b6c84a03ca65047349adc0cc418da0ad873a6c337be949326525517c3bc714e72e5a4facad5a06b05013adf28dc4a36be9d04171d6860af4a91732c6eaa73a34a6db400000000574006130c23ffd3f8d4063299d3003199da6499528c53babe9eb1d7be9400215987b085d0dd97a1cb495c69106724e59fc5e7f5055fd6f62f3476791fe46d5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 902817044e6ed701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000529101d5c9814b4eb0f580b37542e4500000000002000000000010660000000100002000000078e965c434b75eb6d297561d1ce3cb842409e0d02644b58cca3b30fafdc88d78000000000e80000000020000200000009d8de9f7bbb5606a846073758707de93a6e67fa24313b65cc81ecc4196694053d004000041b4818525cebebb39ccfbe7ff5e91e93b8e88826fa433a0cae068187b1c264129c9f1c88bf253787fed218a850591094b340d842582ad1615f1ad08e5b530838201110fca521772391368e5684bf1411cff2d64c9d3d5c4ee718e19ea8fc5b453b79e922fab7992b14081800c7000cd2fc0502ec5e0fe8419546db4e6f1c2abea004c74e4b43a7aab700afb6b300bb08fb99f9bb7bf562ffffcb385502604c323a53f0cd8cd47ce45a21150a9016bfc7a614743761b0aa033b6326fed8b092ab0240afdbf4ad460cd642399abe2b06a85891a08ba08b457baffe37ab4e13e93fca647dd623ae7d184f6afb145844bf8dff0f8b62c0832874513f749bce48076af43ada00ba0f6dae5e7bda56d3877cb6e1e2861f7e939128152b4a172d4fe519894399a0cc2d0bde21713934a856f7339baf3d6ffa2f5d8a7ab874892f715b36ca95730037740b5d1fb2d2a16ad3cb4f98b2b5cfed427dd00a3367101556d938cdc839de47802f028d0569bc272e6d1c9f60a73bc57b97a8dc7f0590c071f67b88eb9ed9d8002e3c6b392dc4afd7cfd6960eee3cfc07e61dc752fdccc2fdc462f50f1a29c89fb07d9354dfd17e2de48174fc812beda90b01587ebefb3d7bcf80f60d4214a0ba8fd8dd57e4721bcd5be33daf6e99a608cb02b35867106816f30c8fa2f241b52e424f19f5fad3102bda5cacb0e42ef185ccb207ae8e03793b4f633469bd993d94897499d8571cde35eaf3422d581d98f92ce3090c63ee41b349971dc373e3c5790cb92555988e2e4bb5cb48f54bab3e3c352d154a78f2e333033c85b2b3d639950e64ef38bfa779922b300466c477523148889c36762091761ecd5b415b93f9a2a635f537dfcaf25de08a2ecfde999ec0f97d819896c9ae331c52087d4a7b3e8bc3be364b0b4ab885a1be6384280d6a98f4f09e38e6b29ae5555166659d82d0072541a9bb769758b8c622af7416e6f9a05a8e320f5ce59adb999ae96d6b310a47017c51eadc7d8a82af540f4d7164b6041fe576e8602e1289cdec2771f813f664265f5173989be541d32d51d2f236833d1ce0617284ff052dff0932e4775a6c6c56938b44a9fde057cdb1e34e383f9c5def1ad0631c250d42bd8c8c519473c2812f9e3c89007ce8919cd83991d99be4f1f287085dc8fcf569a1736eced8d82e6cae001361eafa1052846f0c582ad60dff8f7f03c9a9e9ef382e00ef0dcf74e7f2c59051b3993474bc308216d9ada5f713e08f027f785f513119496cca44dcc55f14c2ede9469480c63426f2f9dc808dad6514e0417b61fb3babaff53ecd4edf1685b41ae88052b548d6ecd643acce1fb01bcf6daaefa4fdc9f0488736732fd759e02e42de596af5bd73d52c09b4474eb15f542a82b126a06ee07db2ad1fa8330c129aa2b4d0bbc4fc46c6ba6f3508c6e14197f13b19d7597204610fb56c6ccd3489a1ae937c99a4aebfaf843984519e703ded6cd8d7a605d8f22e494ce6023f565356ec3ce2204b09fe99c70295e2ebf6074c8b6c1c1b8c2a29df327c8cdf16e7b5553c26d34838caf8736536c0288977758c35f1c2b568977a11f88f5f626c945c8278f9aece74f8911dbf2351e06f5f6c1764f6d8aa66dccebf0bee03a9cb7bd86f9458c0f9fda640904508d246881bf47e3e383f87cbfaf35c23e4089d4a5426b3b387d801170fce2a0455da5ccb9bf0da364f8bface054b851862e540a9d0b3a58ba96aab2a69afb400000000c4361dd9acd73d90c2479f996c0fe13287451135ec4f472d0f832c2a0a8a5514cf4249a906d359f59739fa70342f3c37876e469e1c577b098efc79cb210fddd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000529101d5c9814b4eb0f580b37542e45000000000020000000000106600000001000020000000d9f09bc2df5ff9478fc3e3cc5b9120cf7b4830a237104473ed7243a14f0669e4000000000e800000000200002000000028b2ca509015198c527d0277eefc4371bf55683dbea4513c0c7809d145fb829ed00400008957087a66d8b6ed112bcdfdc10df6fc17c0a90b53a19e249bdeaa2e78f8f7e0e54e997386a3ce9d14b77d2d8a745e3c654c9892151b81a23da0368092bb98f5a4ef38958f3c6d361f6687792a500bd270b96cc82a3b41aaa57edeab9e9afd0c132a4e96fceb08236ef366c9633feaa3fd86362696e4949c264266ad5b9166efdfb69130176424d64fa4ca2031524e5b9249ba68d675763429b2498a76e208e8afdd863e8f5ae667d89d8e00c9caea3deff395a8031143047465bdd607bbcdd590310dc66540d4394d6434f93be60a9f1087d2484decc43c89db54757a007ce15ab1b1a9f9ecebb558af76941c47b571e88aa2ae4500dbab1c516825ebfbf43530d26a5667c2345b3bb2635097c7e02bc03345bebcf30ccf0ee04fc5625252f87aedede4e6f5a918a45921c45eafc16b955d77f2acb2bdf08c7225a57c97cf9034b3f9b040005124bbf80570a43c4d60ba1b0cce35f2c9273f197cd6060ddc6d74d1bc7c83f7f0d9d8993ab42ba102045c8935516206149c806a5acbd3fd1903e1b3dc862fd3d97192816c5100b00640fa1a2997e517eee4b60b6b3f23f3a501b8c03370bbe48b06ee0c2a60e82f8c6aa0892ccb4e78d0a346a4cb77d702b8aa71d58ddfe03d9176ef4cb37156e46ee65e142739394cb37e2b8c9dbbc2f614a92f6096bc8ee0d9a0cfec26a577c682b3863b90b0f9636be92dab01295fa78bc409d638963e00eacc6d9016e4846d5d0ba84bf8f04ca8b2e3cfc0847f20186c77200c14cc840d8e7a7ed0c190e15ad8496a689eecaa868dbd55c3277d94db7e6889c049ce4b1a1a3a71b459a84f5227863cbf35b89668e32986f52c1b60d13963b5bdf0afe9ba4f1eb9a29e723f238cf7d24a06b4a68cc5718d10a6ef7ae4e2178d5424bf7d2d12310de78ba3bb29f6bcbc2065e015793a85d30813b86fcf500a7a74db9df6715bea171fd32bbfa139fc165c52f123dc092ef38e555a9daa113a2029c9bb2ed4315451fbaa788d762b0ec528a89319cdc919573a07ba3d450051488cf67e7f2e3b27df9321883e38e0bc4b0271d85cdc3998b53f9cd254cc3ab97990b46d8f9bdae9b932cb8ac62ef9f5dc07f23546e7a234af4def2fb7d3b999f84ede6eccf85200c368ded16981aa9cf1eb12d753c8a7107ecd354553785ec15184827c9cf05faa6213fa91524fb52ccaf5f59ba3881473a42813adaa78b108fef87b7d74b59c9b76880ee48253eebb9853078ca9a3577e92b32b7cad4095507613b03f6b363edc50b9daae44550c03dea9776116a0b68f85a942332e7521272b90ff83b4118446360ea0ad58b8aa2a7a49d844d2999ffcbdb95157a1eca46c05bc55e7e3770806c733f696d3fefe2fde02c6cb100df055d0168fcf599bc65c224bfa810a0d7982072a124a10076265489da95a11602ec1eccb053f2481326c10cf81a2004a8ac8a492bcfb6b3dbfd02bbe8a2601166e9c1d265dabdabafcf81f6a772f6a7e27aacc2b581c741e32b1b4a3357ff937800295a32a7234e0d0d5fa2cf6f2331078805081c10b611c20dd9bc20518667808754c4a676b2ff3a15009c7e128361423be9a4e28aca25171d96784d6ccf9ce6ac0dd685e5dd318d76f1bcba5fa34bd502905aa179e0367179caed56527957556aa2884ab1568f68bc7f60ceb1d0d25587f988097f2a49b2ad38972ebb5f19ab8db438d3f1f1f4cd3e3d5a6eaf480514f30d2e0116055b9d9b740000000ecc045d3ea8d04d8e04bcf3a513e3f4d88502ede8ea882e754377d33594d9d3e56d6c18e13b02b4c07c48bede298e200233b6104f4de5c02c2d9d5038bc867c7	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000529101d5c9814b4eb0f580b37542e450000000000200000000001066000000010000200000008689bdac1a62f20c8dda61450209582c27cec5ee62b8bbdab83c56930cbb487f000000000e800000000200002000000071603504c49a11e9abd63bb61fa76192d8f36b8868152c3876b2b9d1c19bb7bf20000000b38da92be240e631597b0cbe81daf0c6c50b3963e8eeb2ed0b0b0f70f80ad8ab400000009a7169640fa2d80cf9d94727bfe512f7ff6865d4a3fdfe859055da25fb9544f53331c5b970b2538954b20cf417eca39a7e861699e5c5670926b07020ed0952ab	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{34F80B21-DA41-11EB-AEC4-5A9049F94F70} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000529101d5c9814b4eb0f580b37542e45000000000020000000000106600000001000020000000ad203afbd36c2a67b03190c726dc69d8a6fb3af2df4bcff26c0afc88336da99e000000000e80000000020000200000002474bff1258ef85efd7c784a2c84730f5c5a11b0fae790e1da5137005d89a6d1d0040000e01121b461bdb4ad0b287a6a7a3db01c58b256b54c10cc733c9976f495a8cd75253285c00f38e2acb5bd52e5c13d4a833141844f51b671478d299c9db48b7b7b42f1f6f4b4d6f77ad1fb37a5039751511ee91c716e75839d3a1d84ff920c669d8ecc7eaccbc59ef6eb7dd732d665653361529908f70bc1f48c99dc49247bf5391c80468fdc35a963d05a6fd8bd0188ee02091834ec6e6770f65156d11afa474c1bb832e6a6c7362fe63fee11baf2024e96a24de83cd04c2213e7229b0063b579983cd9cef1406f0a75887dbfca5ada06681fe202304b7db08b83dbbac78fb38d0ab1161b63a4ceb1f2f20f49cbee45c904514def57737b5a291b6b142949c4e94566539793784f2c34b6e2e66adabd4d1c38bb446d30ac33ec751358c0e670599595ca2d840f8b21571383eecbf5d22aa4f257faf7e403074485e077e373ccfc9803c01bc984788575f29489e76dbf0def46588bb629474c7561627f53b16cba0eea4fb4dbd58bf30a040a887412bc3c051da1a9cf42b7673878b184640e1ca42114bbd8fb92a953aee602225f39a1e599bf1f1d414d389f3ab4ba38d1c1e644b0ba9ce3f3e16dcfe90df95f886a228cd5ab349e712f62cfa6d676b23fe74970694391ae184d2e35c583583c842c9df1c484bbc20d3ee7c58c2bf181bfa1e9a9688bc211886b6a1c84ea7a8f41c65c03c32e8e6306c1f0089f9eee73d31526ac670f75cc98ce02d082f7664a610b544a957fdd593a57336b700caae774b0d3114c5f5dbf2a3cb09b9018ef1d1030b8d4467ceefc74db678b0e96612872f747416f0b972eaa28d68fa5a790c66201d78986920d911b145e6241b9a14f7db2bf0400cbe7b873b82b5ef7c276e0c642fee58347ac2f6faa96a2679d50bef1266a80af04a6783cbe8feb98c624fb57ef8a881d605d101659afd800ce2eecb215d8053b99f7bd36482eaf52a77e26f28d1c9d8a4e58d03d72c298edaea3783c27b78e396deeee39115a1a489bfed5148745f1e60f16ac7ccbcd8f16e8780a609dbdaaa8f7d6d63ac7cd49436b10f042e98b72ab537b16970ec1e458887aff5dfad2773a02ee65fd53d6575304376e70f81e2e7f845e2f199c20506db1c8048a931520c232c0ef5d483cfc58e6b3bf655762bba2b10b1138ed2741e628b2c901b22c34c077b965b36e84bc83cae5c1eb3487081f4a5cb0606ecd4f1147d4feeb16ab5e3b58dc825922aa6dac7c4e2d01ad0d8d5ccb842dd19481855010d233efe0f99af7d130d79129e02371ed1f36ca24dfc16a2414748a164abee29f0cd295c816916921030a84ad4e397d487d37008e92bf39274764aeb1954b9bfc3be7fe984f0542b74b24f2faff7215c042f29a42a8c6851dc12c5023a14b9f0465fde026827b8e20231a49e53d089be7bb8bc4269771f7831c0c1b438df31d3575775a4fd3c159ce1d47e18fae9ed17269690528f2ed61e4f28f8449824f3e6b2ea63f959bf4b68df183b3b7e10c206e5535ce163b6c064681fdb2bd3b360f62257f47483cbff155c94b2e9fe0964c11c13f48a71a1d668cdfc728d2e0f7c0689a540b511ef783b4b91efa98163f652af8a1cf205daa59aba1f2b7ec10c292f26d483bf674d177e145fa28a85c960494d7aa85dfe84a9b7e1572aeb1b8c884876dca4d1e33d0bfd1a1954255448971d7d6a723df4c80c616437083511dcf374bf65e85420b5bfba9768039f9bfd557e6a6e327b874134000000031fb595aa9037f3c5d458d649820040955e9327be2ea8ad14f76dd0b6388cd49690dfd07238065fd06a7a942113d6ddf90b2c6ccd6c9743a2b803cd48f76f02e	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "331890892"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

684 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

684 iexplore.exe

Suspicious use of SetWindowsHookEx 22 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid	process
684	iexplore.exe
684	iexplore.exe
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
1960	IEXPLORE.EXE
856	IEXPLORE.EXE
856	IEXPLORE.EXE
856	IEXPLORE.EXE
856	IEXPLORE.EXE
516	IEXPLORE.EXE
516	IEXPLORE.EXE
516	IEXPLORE.EXE
516	IEXPLORE.EXE
968	IEXPLORE.EXE
968	IEXPLORE.EXE
968	IEXPLORE.EXE
968	IEXPLORE.EXE
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 684 wrote to memory of 1960	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 1960	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 1960	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 1960	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 856	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 856	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 856	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 856	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 516	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 516	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 516	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 516	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 968	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 968	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 968	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 968	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 1332	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 1332	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 1332	684	iexplore.exe	IEXPLORE.EXE
PID 684 wrote to memory of 1332	684	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://exitmagall.xyz/iduew73
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:684

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:340994 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:856

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:472081 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:516

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:275500 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:968

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:537629 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1332

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
4dcefe96654f86f39d76f047039706c6

SHA1
99ca4ef6f1d46f0d085fe6729ac276b1b88d9415

SHA256
793ea9de23b0835c1d182a77023e4c2cb45fe13417c16996ac21ac0cee62384c

SHA512
cd155058c273d43f49b732b3d68e8f51df5b9b99f7a5dbe82eb0822b7289fd31d3161b6191059486bafadaa227cb450ccd7198ad03b41d6ea960dba3328edd6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4X32ZLU\D0FS9ZK6.htm
MD5
21fa59d67e51e397f5bfad3e3e411f2d

SHA1
b66683c5f4d95c3268bf699bedade0e23c95c089

SHA256
e7885ef4822973d7f92aeb4f52590cb9ecd1489c9cb5bb592fed10cde8bd457a

SHA512
3794de81d127a77750ff5d13aa5e9b9ea9bdbaf85e4bd8517c053c7f20b082564f1718a8ce206451d95fab4dec8e8cf25f139bcaf906bd7311e49e92193810a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4X32ZLU\DS10SWA8.htm
MD5
a49c1febbfa92d7bb653506b8b69e4e8

SHA1
db04f919e98c363523f1ca0dc2cbcdc0ef515de3

SHA256
6041f380efa04fa2cd2d774529d27160038f24ec9500ad1e79f98c88d7f46e0b

SHA512
675361039643c084f6c96293f2599d493cb6277447cdbd546ae597f76af453daadbdac8db59f219364e8014878289e0b8449a86173a9bc92e4f9fe0e04e98404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNQMQDEL\FH97WZ95.htm
MD5
24a669a032a16a8d9fc24bd4729ee9e7

SHA1
8b87be068fd09b35ea65b307e18c0e3af9ad61be

SHA256
4df7fe112b5cffdf651f93e740c75d3147fb44195dfdb77a427b92763666207d

SHA512
c6b45a25bd2629b4ec8386bfc857484ac499f18f2012e58e6a554f314f8a817937957226a5d7da69250b8866a0e7a76d26f1b17a5697872e58ce9182ebcb6c91

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FT3XRUS4.txt
MD5
1e32a9db728f30ff8b44c4604b2d0e6c

SHA1
a07260c7f7133e7bd15faac562cfa2e3a1245412

SHA256
0efc0f8a498f66ba2b063f82f219a95107495a747a462c23dd1abbb4b81e56ba

SHA512
b00800a1d03d9764855f784dab6ae42c2b228dc21796b2f662e3f1d40117cee35260ba20e741d4a5c21c1255b10042d985469f46ec80aabbc55524fc3357d71f

Download Submit
memory/516-64-0x0000000000000000-mapping.dmp

Download
memory/856-62-0x0000000000000000-mapping.dmp

Download
memory/968-66-0x0000000000000000-mapping.dmp

Download
memory/1332-68-0x0000000000000000-mapping.dmp

Download
memory/1332-70-0x0000000000B40000-0x0000000000B42000-memory.dmp

Filesize
8KB

Download
memory/1960-60-0x0000000000000000-mapping.dmp

Download
memory/1960-61-0x0000000075C71000-0x0000000075C73000-memory.dmp

Filesize
8KB

Download