hxxps://ankltrafficexit[.]xyz/trafficexit

Analysis

max time kernel
141s
max time network
164s
platform
windows7_x64
resource
win7v20210408
submitted
10-09-2021 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ankltrafficexit.xyz/trafficexit
Sample

210910-a7538ahad4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 49 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026b0554c849e93448ea6cd59f4c189ab000000000200000000001066000000010000200000008f8c927dadd1fb67db5b455832c2953c743c5bdc0c6ca3ff606113ead628697b000000000e80000000020000200000000e9b6010fbf295654218ccb2cddf816a0405999f6aec80d1dd4152687b2f71a12000000010dbd93c24d328dc58d48ee3a883e078c24b818fabcfa346774de78587b296de4000000042214e0e624cfade5d544039860bcc0033e9bad369c0e720d199c60aad3c3a9a8d2e501b2c534840748c43d44431537f3903bdffc12969a4180d5363cf23c3de	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "338007142"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026b0554c849e93448ea6cd59f4c189ab000000000200000000001066000000010000200000000ca2aeaa49fd5c015b9666a4af509bc73a67f7fffc9e9a0d5cc617e01ac2e948000000000e80000000020000200000008e78c50a2f40da22fbaff3ad2a0aa94216b7055f83f4d2f946fbbb6c00b3ed40e0040000f84a481efecec7757c5499572535a2ea2c5cc7f117accd9087b27c656d236974fefdbd41967efa71c312dc8409b01a94eb64d1d6af3fb9318507db390a10b70fbb203e856ca8f633b0926c918d8338bdc6f5eb5447261a192941847947eab125a8ff5b4749e0934c8f9bcd9e7c2123517d2b19c04b5c41105ad8401007ae0ed59326a4cbf5ce757347a100576d00e24e4b0cfae388507d5749dd9cbc8f2fd0ad5eb5332014dd9627b3c17e403b02efffc3195e73d3be10c57a86b560eb5b50e486900660ba97de9537838a8f422330dbcad69a3cd06d30e958d00c047ce12f34dcc5064c1ef5e210242e3b728f739bac1d9f2453f6b6072af108920b21f84695278218303bf01bfdb92a85639fc1e2ee987cdff8832306462f707d3c9a38fe13f553e2e027d50d4a0a65a319c7eb662c52e4b049acef93bc853299fbc5a31f37ebe24dd519a94749e5a573f298dad1334b6f298786f98fe5016108be7f01f186debd283b9cb279a5bedbc4638168f4493ca2cd69af300570bf268a406e2ef8e8875e705de7413babc82fd71426d4230b252eee292fb18e7cfd817ec7b636482e57cff7959957de87090ece14379661cb5dd70147f3a75491ef7c61a0427339e8081c8d5f888bd40cfbdb7f9609331e974353e160f2a90dbae2afd04ac4fded35304389ec1c0d4ab8b66cf766e5b479adb7614a2f55570dda597673aced320c6b3e011a3fd17d9587b3b9e46b057b38aaaef7c4462f33e377ed57b2a2d0dd8a3fb41946a63e84643c7817db2e950c1c6715a31480373509c6e3f337e70679e5bc0191b6e308ea69e1da12e3cdac85dcffd45be49fa356a6c8365b2395624ae3193412984e020b585db362156f222f0881b98e71ab82414f80c34dd1b9aaf45f56ea00851388b966a4218589ec7acc13064c5a7808a35127c61a6f9a8617f3a5edef3a142db450890bfd080b68955d0bd76947d96ac60c6861e0ef91c9b22ac26ad772d9c61294defd3781209aabc20c800daf04db6d005331e40199c261c9fe51fc79f05f56e452b1bc63e83ee0a20a6ddb7ed68f6d94931014482b57d5f6d2015ec6fd17c518a0e22f7db05761fa5c3067d652a3bb5ab7e551404a1d27b0058358d04957ec4366923df8f1c2d1fd8fb4f772cdabcae7563b6ab08e759609f5f0dc7c3f3a5cbf06804b10c14ee5f2830a00bf2e437e1772fa10c6753aea02ce5b34c812598dcf88f52b0c868403df7be025fe04bb31b2173f531c0553fa36de517cb7f6a2757063b54e8b4d6d9aff52dac2ec43e9f580315efb90d02a25bf5316c02c0724066fb02d9a6bd61ba8e728397e4e0f52ebcceb9f95b91f17b6ce2334c50847c8c0d3200d256cb01b6b885c6ac3f315887b2ad5deff771cc442ac74661b67128df95ce9c090a56a41a22eb19eb6ff63f7b7a3c1c105b23bab257960a899d51830b1e512e19647520804a815c127d064335dbd28db6d7626d410b01e693c474be28b8760717bb788f9e201356a11f223986c2a38728e5671ae7c67b2a1dfe93bbfb408a52ffce9d72a0873e082f56165f51a273e24f79d717ab646e2b7fe59324b42734c911a6b115964e26cca28a99c4ab4723ab5a8f3e71a51b65acea9da981c6d241e10aab9e868ac090d37d85d25a8762f8a535b64fa679457322bfa59d6472e90a34b7b794546d76610bad4b8a8f6445b13958cfe4db2cd846c7ba14319d5180ea72ef842076285c45694f84ab9feeef6ca175a38c9e13b5dbd93400000001379f08e058ddf0c3f4b72eb595272ede46486e62b7d92e677e2d1659f7835fc7b0254e75c9daee9bfce7cc7dc1f12c99fc686a90357b6da4a2a3c058f5559ff	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5F268F1-11E1-11EC-AEC4-5A9049F94F70} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026b0554c849e93448ea6cd59f4c189ab00000000020000000000106600000001000020000000bfef95566e852a4010e25028a6f0a0b7c1a41e4f7f1badb3883003621e348f30000000000e80000000020000200000005d89cd98487a33d8f825b44969d1924c3b21a60b72e4eb6c8c7edf5e212dcae8e0040000d4b4ac2cd6b5a2dbd96b2763c227fc1edbefe321d644b5c41c05c9df0b9e43dbee5675a67dca01ac03f42fbb0bb630f0126bba1e84e560358b6de617aec4a0fbb38b8eaaf94a40f94cbb0a1d9794ac0bca110939bdfb073e1bf784c04c1b4ff727decdc288e8b42bf12e9230815ad679b9b53562ef10aab96d279a7f14f5f2fd16057b2dcf8dd476cdfde046a697141e98e47667f8a190f583615a0b6628166e2a203742f55d409d54285c80ea0ecf75fa64c1603288c34d1daf6bec34fd07da927d1026a4b1c5bf8670594a85391e3ab1d102a6870ad0e9635b9ffcaeaaa1ca0d79bce537e7699ec7ba074c53c1e51dc05ea69f16e43326163b38554b30f1b9c4231058d48b93cfb60d057ba37230bea923ce28bdc7cad71c00e49dc96dff17b816e3297eea353a4eaf0d4c74e857ed798dea1c4cad51b2d57525f6569a78fca12282556bbc11f09ab020856bb4e5e1ce6891e59aa773591cde911caf7a7e37a35acefe57089e4cafd8746ac0d08ccdb0e29ab046195aab8ddb9334db3834cb896b87353baa53bbd1f90e30f3270a7809cae5039e2531fd6300b6bab715c53072a0ee4fab356d5d8f210d767b2d3dd261ab4dacca6ec3b372d26f62a4aa660792d7dd8ce3b7ce8ae5eba96c687b2a8d484aaf961100db662b07f38877406d933e955a3a5a5319671ebcca9f78ec85808104f20c1e93b5297898abb071547f8c70d61392887faa93d3fae06f179154d8f05e6c845bbeaa505fe19468525e9434208fa0052a982fe7199402a764954a8b17813a46d144eee8806e65cc0a372040a43391e1dbf2692a2f6e987310ea94b368ede0f525be4a14c9dd3177e1ff6b620fdd5d4c6ada03a11410704560cd74566611cc5235038c5fc4addfa11c7d0fe184f27ca781b290067c4f7736b0f863a2649ee6caeaedbe1e89d93b3232ae93912980bb05a4a42e9c1f349415526db200a6b2975daff2dd4bdf9a235db31d180036df3fb4c24ff36b4b65ffabe61f2d76f5c72f6ab3c0b1f4739962fdca725ecf929df18dc29f7cb33339c5b1e7e2873a29073110da0b75f2d1cb12a5a27909917aa10b4bcc1572a0fb50ab93dc21d8abf3190353e38667048a24b1bbab616ee705675e0598059633a9d2816ce7d978b7c28b5474d7e4647fc97edc0bfd332e88e709784d732496257b6cb2df8eb52e4c049efa17ef91dfd884dd6c0b428d7ca9081ff3436aeddbb98eb8eb0d1aea08e052fba00f74a2d0126854b1d78b9eb16c5b90e51e6cde361c9296618f027aa32585129a7ebc24a963bb839c6e41879b8b395349885ae65ad6477b09af8f3bdc3ba23fd7e45d6fd69e7d293a8cb822ac44a5aba91bf5b7fbd4a8d586ebd0ae5cc27a14bcdc6b50b3c00775a123267c9595deb1994891ec2f70405b0a42c310ff7e440255de1cdd9d456c57f698f938d0ea7e4b6345fd119e6cd6725e3ca5bcee5abe1a6deb4f412832fc54bec96a01d95491d02cb5335a358eb7b7dcbd36095b343c9f9e534a37648e4c7900bacb3aa101e366b0121fcd7e0819b6edea4f26d03f8cca2234554b8d8f3ce605453ed991ca9d86e775ab05107031e91f7c8b9c7f76bee8d0aca958721a404183f43a92e381521863c7925f8e8b50439344bae072f32ff84e99e89332de9004aa6acc06400ad9fc500d7b6f18eb6d17702a40f915c7620bda7c366d2a312396e201559b305c70bc4f5f5a27a2118bc83faa5db569d9d0746835316243faacb7e4b190977977400000008ef5d790ad2ab773ee65c9ec7cfc8da55e26ecdfc47a680cccd652d06c38aad2c9676c523962eafe70a165725455049addd86339b33125f39264a802f8512d7f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026b0554c849e93448ea6cd59f4c189ab00000000020000000000106600000001000020000000ee1465c1b3fabe8739a485c75a1dee93d19a619b8c7deaf8c8bf24ecf7e34623000000000e8000000002000020000000441325b018b1204be2b8b25a072c8b3f9fde153f4e0bfb5af2b8c36b767cf34690000000f54bc97433e21c23590d59b8d61136494f5957f758613daf303622649d884931dfd1c4427cb2744c6fc7524382f29420305e4242203840354a03ed77e3c267e95651c2fe5247a99ca1b355339a233ae9adb7af645583c376b6380fae14d8262d0827ad18aee9aa2e59cc6420c52fc4ce2f0653759b588da6fcb02cac1a5234028bdae5868a2c56f34203d41e32736703400000007bc9e7da2f26ec61c0b1f2c51faa0462e53da5736aafe26082ad49ca6dd474c77a8cfe59a6bdbbf33fd5423985f5c0295e93c4810f9089bd34d55467783b5593	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701f2385eea5d701	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026b0554c849e93448ea6cd59f4c189ab0000000002000000000010660000000100002000000002c19321966b61743cc0f2d4913214fd86854c9da8ec38f54fd8a8bb498f76ee000000000e80000000020000200000002d6fa42151beff3aad13c7a19edfe4a9faca24b6d3fbdfa96ed0cc1ae721f293e00400002b36a8bc2bd1bf631968b80c60fb2a151a4155822b241b473a79add76ddf778dfc3ffbf8d7498ea273de19e0dbc76eb2ac250ae0d5bf86e0c669f321752e397d01a294417c72827548f650f754d0b2de1f517cb146a784d52bb7512f339b0ccae34d64198128bd138240628886a9d14f2dbaaf099e5317f4244395e3f99f784fbce03244e6c22b8103b7a675c79d4bd2344615cbbdf1e4cfc65adc7d12ace1662cbad6c6ca04e8b8aaf111c39ee1163dc4feaed9ff838189925d7f5202fad0a31bba0b6da298d9bfd589443fbae0d6d9db2606456509c466d3d9cb83e251eef06495b886806fb120fe0b926275fd9de5f8c8e1451b42d07c03661d3a522028c672a9a96ae5471a4f3db9139d9e7479567ec95fb643e9f4023c4196b92104b668bd8db7a3cc495a32b16f4a2f5ca6c8b382dbcccf33330898a11ec58966790c6c663818a04cd357020ef14ab5ecfc8dd8dce967bd3623e69ac7e3b312348c10b1faa5e048394887b627899da17ac7afb00b3a686bf182af7e490718697266aa6bf6cfc22e2852c72a87c46820783a0bc8946bcf89ff24ac32aa5ee65facf173360c42ea675f4c38bfa0c902dfe7620d5c469420227dc24abb9ce4bf77786841f875c8fca97a270fd178018ec09dfaea28075f91b3902cf6861dbe79d82427b16ccb72935e60b301ac43ca7583f7f789b4744d9b5bb23ca5163f2a8a9f8ba1aadf48132703f34a9745951b49f9edecebb04e44aee4431076f9a3174512ae40df4468b5c846c5320f5f8985ae019701456e55d9fd52857e87ed179e80384aad25e75320b391c2b9153ce520e4adf7a73f17af5385323e7763fa205c8864beeab0c3a99623364da579433ff5c472d337f5293f640358103dbc52e346d86c5ee81e5899c85149b6df7d7e07cab4b31c4ee3efca7500f68644938eda439ab8c5c88498caf56405256cd3c3fd199d88f80586c759b74b93558720ed108103ec931f549caa80904af2db4af4413b7e3408c3998f1b4c3ce15719b687a71cab475c9d2309c0bd912e02880449cefe37d1e61aba6c062b83c4ddaf1c8ae2299fe4b1cdaa6651bb4c09c619a06a2f0f0ee7917472e4db6b6acb0dbea766a0b2b495ca638ea15c35dfdaccfcf39d12afb439e97019be19933a025dfab55f15590700dbf04934b75623a152b37db99aa0e56537357fb303480eee0f060c33b13f971591572c8fe5a51dfc0ef20d5920c93955ff59a4248b06c404db8d7fafaf2b32a4e32990659f9743988311346800d82ff8aa84feaced7037fc097726162942d9bc022c77f77bd80f332a98ef76af296e9d7f24fc34fc4716d3bef2c01acccd807a40d1ba79a115b7367223a0a7a49e13308ae821697b96ee14cc625981ff3f654dbb55868d60700e6c1d5b5c2a0a3c15e3e9e9932d9309dda7918f9d7c1dd07bed1fdaa07e9cbf811886e2ccbc8449bf6984f86fb4a4ce7e21b35d1261cbc713854a63dd18ea1200c6c9be51320d6a03d19d109532203e9e3dedccc34bcf44f032a5dd6f25e6647c9842dd8a5c576c97c6d189d55c0735b98e8f6a8874e99fd266c030bec72014c10bca10bd492e39969c85efd0da1d61316b91dce0a38f7a0cac302050c28af697f4f7531d9db63b35757af1e5253612de917cac871d5cad0fc9fcf538b749a53ddf9088a571b10485bc5e058fb1a3a2c8d382d4929e520c5331015cbed010f06103a5548959b6310ce9fa54da2436da71f88031c2f4defc80d7fd85525a40000000e6af67e07e772ca8dd26fe72e19073485cb2055161e430d5d4fe50789cd712fcab2a47c011d02ca8938713c59953f7fcfdc4050c3bbe991885bac4b4f7ff7b2b	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

1208 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1208 iexplore.exe

Suspicious use of SetWindowsHookEx 22 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid	process
1208	iexplore.exe
1208	iexplore.exe
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE
1892	IEXPLORE.EXE
924	IEXPLORE.EXE
924	IEXPLORE.EXE
924	IEXPLORE.EXE
924	IEXPLORE.EXE
1780	IEXPLORE.EXE
1780	IEXPLORE.EXE
1780	IEXPLORE.EXE
1780	IEXPLORE.EXE
868	IEXPLORE.EXE
868	IEXPLORE.EXE
868	IEXPLORE.EXE
868	IEXPLORE.EXE
1584	IEXPLORE.EXE
1584	IEXPLORE.EXE
1584	IEXPLORE.EXE
1584	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1208 wrote to memory of 1892	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1892	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1892	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1892	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 924	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 924	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 924	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 924	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1780	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1780	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1780	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1780	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 868	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 868	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 868	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 868	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1584	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1584	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1584	1208	iexplore.exe	IEXPLORE.EXE
PID 1208 wrote to memory of 1584	1208	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://ankltrafficexit.xyz/trafficexit
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1208

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:340994 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:924

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:472081 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:406556 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:868

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:341038 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1584

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
b3e69ead8b763477640a25a0667c45f9

SHA1
6c33227f2e6d6cfe2567ff3d6fc48deda45f9952

SHA256
e0de3ba9c65836ec25cdbd2e250d2606224435ab98e351a048e0b3fa6d34971d

SHA512
d138d2f1f6310a94990c6ff622f6816ed2b4bc0f1a7e73a3a2bd2046cf4d5568a0e2d72532d8048aa85b7686d42d412aceb94c745312604951e394b22400c00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4X32ZLU\ES5R7VVU.htm
MD5
8c3cebbe215df4e94e4221d8384ff762

SHA1
de6cd460639e2be1de41a66a16d4452b1958c3f8

SHA256
e4d6b1f64b5aed7f04ad0668101c049dbc924c4c22746e2804da1a261e067755

SHA512
546b7d8105998800bd1babdd9c9e76b05c9d34dcdc246a4a8bf8167415a1e8691ad551cb46c3b5c00764838c645d3e66bf06d80e016aacb4a8b53170e2fc6043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4X32ZLU\M3B7UXY5.htm
MD5
54d2be128a9a611be936074f2e0a0fff

SHA1
ddcfa17b5ce12005aa85135eff19999cafed73ae

SHA256
9a27d5ca6c79ee96299d06c23654656582b2c948c55b6a7109e4902d10dfb0f8

SHA512
99b8d346eec639bfe527f0b27859e8e8a6226182042866ff663b9eb4e061fff18e8742c53107d6cbee1eba6e4dfb1500979ab3101ce6db29d0ff0f3e0486e9a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNQMQDEL\FPAIIAFN.htm
MD5
eadaa68361f31d831f2d8609e7cbcf44

SHA1
943d8bfc46f97715403bad4c9c022f1dca6fd196

SHA256
e4924a47c4b7154c62bebf8a1d66c25193efabe38bd0ceac540595f1d8d656ee

SHA512
820b7d3ed6895ff0ff99f87ce3a671c965833e2af72b10610174a0646ac82a5d20625a0c2c24c994d7607db38b205c6c2c98dc3df6e47b2ab4e60cf86bc08e64

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8SY62MBL.txt
MD5
1cc479ab2dbdd3de78040b4627c6c8c5

SHA1
dad0e10d5c9d842fd8886e0d91884406d9f8bcdc

SHA256
3c273e68cb77a567a0fbdaa31f43f0cab0599ca3f8a67c8bac80e4905d23efcc

SHA512
6cdb630098bb82ccb9b38f305efe17ab569cf2be731870ca93306e696f097116b3a6ef53e8c918f0268d592a59801c0369ee77686578a16d18922aba8396cf10

Download Submit
memory/868-67-0x0000000000000000-mapping.dmp

Download
memory/868-69-0x0000000000370000-0x0000000000372000-memory.dmp

Filesize
8KB

Download
memory/924-63-0x0000000000000000-mapping.dmp

Download
memory/1208-60-0x000007FEFB9F1000-0x000007FEFB9F3000-memory.dmp

Filesize
8KB

Download
memory/1584-71-0x0000000000000000-mapping.dmp

Download
memory/1780-65-0x0000000000000000-mapping.dmp

Download
memory/1892-62-0x0000000075C71000-0x0000000075C73000-memory.dmp

Filesize
8KB

Download
memory/1892-61-0x0000000000000000-mapping.dmp

Download