a0c5b8f728ee17e96b5e49b9ba5de873331dda3f5751efc0665d22b3491c6139

Reason

Remote task has failed: Machine shutdown

General

Target

CARGO ARRIVAL.lzh.rar
Size

467KB
MD5

ded00ce5f2d97d2c052322e83c814d20
SHA1

653cbc3dcfd352a478850dc8f05080e219a2655a
SHA256

a0c5b8f728ee17e96b5e49b9ba5de873331dda3f5751efc0665d22b3491c6139
SHA512

81b485312c966fc00f70cb7ba3acd732fe9cdf9029afc45963a190f1ce306e52f7a74e31eb957b90d6a9b3ada579590929436db9e4eb7ea88c74d5fe2bd9dcb7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe

Modifies registry class 9 IoCs

Processes:

cmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\rar_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\rar_auto_file\shell\Read\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\rar_auto_file\shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\rar_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\.rar	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\.rar\ = "rar_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\rar_auto_file\shell\Read	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

1804 OpenWith.exe

Suspicious use of SetWindowsHookEx 36 IoCs

Processes:

OpenWith.exeAcroRd32.exeLogonUI.exe

pid	process
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
1804	OpenWith.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
3088	AcroRd32.exe
1092	LogonUI.exe
1092	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exeAcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 1804 wrote to memory of 3088	1804	OpenWith.exe	AcroRd32.exe
PID 1804 wrote to memory of 3088	1804	OpenWith.exe	AcroRd32.exe
PID 1804 wrote to memory of 3088	1804	OpenWith.exe	AcroRd32.exe
PID 3088 wrote to memory of 1488	3088	AcroRd32.exe	RdrCEF.exe
PID 3088 wrote to memory of 1488	3088	AcroRd32.exe	RdrCEF.exe
PID 3088 wrote to memory of 1488	3088	AcroRd32.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 2220	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe
PID 1488 wrote to memory of 3632	1488	RdrCEF.exe	RdrCEF.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\CARGO ARRIVAL.lzh.rar"
1⤵
- Modifies registry class
PID:1832

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1804

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CARGO ARRIVAL.lzh.rar"
2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3088

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
3⤵
- Suspicious use of WriteProcessMemory
PID:1488

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A9FE55C7416815F38B8E54845292124D --mojo-platform-channel-handle=1608 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:2220

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F68E03D838F92F2B8A6514C9E396E2D2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F68E03D838F92F2B8A6514C9E396E2D2 --renderer-client-id=2 --mojo-platform-channel-handle=1644 --allow-no-sandbox-job /prefetch:1
4⤵
PID:3632

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=75DD689EC02CE80D402184311A82A7D8 --mojo-platform-channel-handle=1688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:1300

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=33E50CBE77956D9A0B1D62698E19FA68 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:2096

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=08789EE994896B374255050D86BD1BED --mojo-platform-channel-handle=1848 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:2600

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3ad7855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1092

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1300-126-0x0000000077EB2000-0x0000000077EB200C-memory.dmp

Filesize
12B

Download
memory/1300-128-0x0000000000000000-mapping.dmp

Download
memory/1488-115-0x0000000000000000-mapping.dmp

Download
memory/2096-130-0x0000000077EB2000-0x0000000077EB200C-memory.dmp

Filesize
12B

Download
memory/2096-132-0x0000000000000000-mapping.dmp

Download
memory/2220-118-0x0000000000000000-mapping.dmp

Download
memory/2220-116-0x0000000077EB2000-0x0000000077EB200C-memory.dmp

Filesize
12B

Download
memory/2600-134-0x0000000077EB2000-0x0000000077EB200C-memory.dmp

Filesize
12B

Download
memory/2600-136-0x0000000000000000-mapping.dmp

Download
memory/3088-114-0x0000000000000000-mapping.dmp

Download
memory/3632-120-0x0000000077EB2000-0x0000000077EB200C-memory.dmp

Filesize
12B

Download
memory/3632-122-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads