hxxps://ankltrafficexit[.]xyz/trafficexit

Analysis

max time kernel
136s
max time network
139s
platform
windows7_x64
resource
win7-de
submitted
10-09-2021 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ankltrafficexit.xyz/trafficexit
Sample

210910-a7538ahad4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 49 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\de-DE = "de-DE.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E21EE9A1-11D1-11EC-B1DD-DAC00DB4565F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca0000000002000000000010660000000100002000000073a8c35ca71ed2ea320a239f81f5995d6d33768cbca391d37f0be5ecdcbb73e5000000000e80000000020000200000000abbd57764bf0c891fd848ae41b4328be604793b64802ba756636cfb6083535ae0040000fe4e2aa76ecc62cd167c347a73bac9e5140679ebf81b9a6ecde55053642b47aa9d97b4435644a0ddadad00014bcad2597b606dbd2ff5dc0d4eddcfdce5bbbc15cf241cd636ecf40e8ff648b13501fd545fb0d621ce7c82ef740cf2b5816a09d404bcc2ae06bb937e960f556c83d0e6256c1078bc74bd0be3847687b1048057793235c564d42ca4284f64fcdef01102b3868713f0e0c96488fbaad8de14cd81d6c82cb5ff0fdb9280434781069b3117fbb4a9eeb83fd31a0cf91cb8185886d610f41d24cd95d85ba940300305b3e40847ba273dc4c95472777c894f67654c4c574504938827d598339dcfab0aeed799bc9e7e20e02bb28f98c1df69da8a1469fc9330cacbe526fdf02f1532379d4fb54df56d84dc6d50c6bb165223cd08bef66b497a315ebf6c6ee7a4e5279e77e1d2c297c1d056d38a541374bc3c2e85728b76ef00a8cbcb4941d4213323e45500dcb07e00aeae14d36e9827b7353f81afde3f7ccb06e59d87456034513d37545f873ccdca609f7e220ac32417187b6f144afa512fca9197411f0bfeca60ede451fbe3e66c679d1b23607056d70d1d4c00b0fb70d9e8edfcbc18c3733d86425f5411f34fabfa114973310541ee73ef8f4e53af12a6f52a5bbb57009851dbe581ea6681e05e273e740d3ff5f36b59cfe881cd3f469e62abfb074379684cc954a11e398c7a54250a1a7cbb265f0e7bf8f3a4de04a4a0db4cf4c17c6a97fe3b57dfea7fb3461efb05ca8ee71c2c75a2decb527cf00c80440627a101757b8b49ad10693f37fccd9c9290d0e6722895d9a134548c32f562290e2eaa5ad05a13e0ee97b81aaf65c51aa6124b8681e5adec295d34c60e3b2f30703d6cfa8c35e4ea5edb3838c8cec0abbda9bc1c67b10d9014cce43c4fa6b4af81b9e9d9b836dcac76b93ec459a6aa40e9b9fd2a03ccfaf1c4587c048357effb2d724e790091b369e92ed0d06f39b6f9a9e027b51c482c888f47554cd7e9ad87c2225b40eefe277769f3c3217240fc0611687ae63323f731ab9209f9af53c805db7143e1755d1e23af416a34213f2bb5b2abbbac949a2f590bb7c85bce33a53cace2f2f4b7173b91295c6cbee9903606cd0f018fe386366d7925bfe71a165892325db8adb8cf8aa2e1d30d7acd3d6af5fc0485e7643c8c3ac7880f723eeaee702701d53193e872f02fc59623b375f4b930ddcc7b814bb4d27da032b8ef266902a284caa3377638e8f2428723007b4cd29f5d893b77bece4758cb103e0c0999f83f0f508d69823cef165ed30cd05eff1410bd30cf1ecf67610db94de554c4853b0f6a3bef3280d93e3223cce5b0eed8916fd3b67301d7f79828d3ed2fd03223d0bfbbb9fc1d69c2d283b4c677825ef00ff7beb09ec669a210592dd3c35fa6ac411fdb2e2dae4fd75d0b9ed1853e55306400a30ee917a2367b690c051417bfdb0112a25e2d0b553c9767c4224256d296f4ea60276980164749f33fd6af53dcf7d14126bf3088b6bec50348339653f17a0ab541aee22d55a1eba5f71c7e43d555b7507f4e9b5d569306439cc05ccf1ee0ca572f0a06f85a6a3658e478720c65ce0945b873115b066625bacfd76b0687871f6ccea4954bffb5d585c9210eec57ae62ead1cae5cee166f71b2612e6d6fa928fcfbe892b47dade2302da51dae20a1ccb15cc4e1fe944c5558e506011ca2bf6cf0ff4bbe5d253c2a7dbceb303d0fb4e1346b0f23093132ea69d85dc2697b571d54673678056279390cd55a6c98f4000000060b739ed04bdf3960f13558fde22bdfd811df3d91ffdfdb3c91bf7a929449520b31f369a36f85b5da1b5fe3250ba580a60d9a763de750ed870028cf69d4b5763	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca00000000020000000000106600000001000020000000df75e14e9266aedaec1c4b43cb8a2d73074b49838237eeb4d9b9cbd9d72ffcb9000000000e8000000002000020000000f156a506d1691ff9ef0c1424129b5ea2db91f863f80c11229e2ff1edf9871d1820000000a4f56cd9398b0ca7eac6dee411afa8e70f0ecf1e3e040f08b4d8c4a734fc323840000000b9451411513cb0732791dda05f5b03b5bd691abdb9db3f19c0dcb5192207ca60ad9852339312af932b1ea0c1d23eac37a127a89f01d4a770616a80fd3cb90bbf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca0000000002000000000010660000000100002000000001a530dfddacba5395247d6841755d77576c31038e3f431c8576395ea4876d85000000000e800000000200002000000002fb77377808ceacb9a018f8a01931eb63284d850314bc614e7b784f056ff0e5e0040000317d8ff1751ae5f7677f0d8d18a85068a70cc42b2c560565ead6ec0172cfaa64cb1da400b83be6d083abd12a447150292fed08bc47b107457d210aee787a01efd1f92a2a5ad6da1993c0baf32b1efbae915b0033e6b9523ad756b74a1b9fc61a18bcb923ef25ca05d9a67890fa95366816d671161ea441fdd59ba97cf2ada30f73daecffa1e9af1476cb8bc4404027cf231e12220f84a768e29963f74512102c70cbd3e7ecfe1b6c6744385f88e5f129939e0efd2f8ab789f6ede8a48618232dfae10cc5702aa6d4f7f969f017c1c42b17d52b52eb9765544df0d934fa693cbbd887707e961c9c1dd9064133fd4249025ae459eaf83d4c4046d75c36b82558018d463abd509a6390da279e3cb38c9a126332d51b2dd0bda783eb70f5279012a3034b33dfd13f143a33af37bb39444194fd4d6b3bd8874de60f25ca4d16f20a650d5190e2d6d494fd90bdd0c6689fb4cc1bd4af428f727b13049cf5662951ad66e94c1aac8b7edd9b8bfcbb33e9f7edb71ab18fd403ebcd08c6edff8140b3f1dd0fe899092e0e5d2445d15dbd40620b9a61344e38a2441ab10b7250086ec431632762dfcbc06afe7882b4bba6acea58a871a6094fe2c13794acdbf37074711caffa672cdd6575728a062cb023885dc4c0ec150ba0e366a171638ee0f68060185684b4cfd2d5a6790e9f323c322df89f7f92e5c7b2eb72e179cc8ec3ba1d39b95630b6081a674be1ca1672f66e5f5a09a222ed0e61bb8223214f8c50d9f995ef629a14cb8b492fb616dc430d19b91811f5cfed7d18b02eac7d6ec7f76cb1462019f378b50316a9111ab78f434f182a2e631760010bac720c7071faa2818fb2f5e96f97c2cb57f5747fe1f266820da69223b4d0583c63b2559b3547e8dbeab9bc373638903da4a88b5189652cb05476fd4cf1bc485065181feb721d7474fa4a0e6b4dfccaee4e35c5a39732aa2c6daafd82a8b5a7584736847adbafa6fcd509a16916050ce951a9454e314bef24ccefb3e829813167d47c64c0febb9d3664d19ac8fe9311272b21e22d1068fa8356c24286e1bf7131cd6c738d0a74e5dd10182fbf20d095357ead014347f989a5a71a87c26c476e6e58820c52467eb9af951de2440023728d8e20a97cbcf94771642a855a6cbedd581af70c8e36ae33bd0c73bd9ef6269530cbf780f5da2b65aa4e14f0cf613f2f30876139be17d657adf9ffd4f47ed1ef7e29c19336eff3e6a85cec201e971c0807af74626dc5d9736b38b6eb6f6fec7ce111d894b2bbc2cd72b334ac3d0faf24f5cf5c8d4c37595c1ede4fe3653dd145903703455d5e1651c6fcfcd09a349848cfda9379af82bc6b02fc535ab75e90b6a32973c05d4e93ae9523b367520692251577fe4f7a8a50bf10771ecd8ab475e3d0bb516cc3131d68d5aa0fe48d89e3fe23536a3747451f539e284120659469552b08298bfe50efaef483f9a5b9351a6ab2bb1b54790b53271335c96d37eb24d9a342ec282f2087124c65934c0edd0d968013caf348f5f36641e0e33e83cc3d1edcd49807ebc2fab370ad82800725052e3b62cff2c79a7286c5dc30623baec7e890d5d537b62d708e7fff23a010f4a1e468225bd20e077e41bf4ee3bf8e5af2091f913cb3c6003254109b2b6c2f1e2ff58473aff564dbd2c8ad758437776bf2e738a8491717b12d25ce9bb97d534bc71b7a4f7588079c2925cd061f1a2407613d349f2552e10498d973e0bff59901a9dab07e8fe0118c0270f9bd7c03c6400000001cf36c8ac5a21ce9eb8711cfa1c089cacb05b46e0c9629c088087cfa58db4ebc9309eaa8c357d10da17f012730d48cd72b7cd51fee7cf12782002c7c21aa0236	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "338000376"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca000000000200000000001066000000010000200000004138dc9670113473db1b6053f8e44d20eb1bb9d9e1b16f72722edff1954d8883000000000e8000000002000020000000621d5d81539ff3c107a7682f32af4b247aa9865266e37f4b66138a412d66afe4e004000097a237c52c0e7508465ea9b949bdfda891b3d8aa759118c03affb8361433026eb08c2adedb6f1142ab3c321965042350f203ac2970b350b429f799cc03cb26bcbbd9388bacc725e4fe68e7f5ac7e5152277d35587eea77116adf02428a76867a2dac6e91fc64cf011c79976b34fd7fe19f3e5539974fd4b1177dcebc8f362621f660568f93b991324ede34d0494fd5e36755b3eab9ea7e89c810b9458aec7bb693149820b78ec3d061e1062d5986a50f44eb206477334fb81b0ae9f3541ee06a4fa418eba761152b386c0b1a92f075b1fed9f111d06837ea4c1df311389c2f68876da20d80f941f59f681e2fd84ab5a733327c49bd5dae6c14cd7ffc6bcba92e719c1478d7613b12ced1cc18021ba7a9368df28cc25e819ffc5d758cc4d143760123a2060be03fbce8d0e0cce4558157432bb4c3768ef5fdacb3532dacd1a1fdb92e015901c9a7abacedacf0cbe695c43bfbb5612f73943eebb37c5dcc3e3d1bb586ead05f71202caa1ce7829001eafa861cbdd7eb4c6762b716c8e9f2884b7cf025a38d63f02d3812ceca6f76e7ffd6476235f0c6fb93656481b4bcf913a3e0b20fae1954386a91032c509bff6a25e69bd8f9306e91ac5e5e48a4b0587952a90869210546978fb60823487036e387e5b2879aff59a779045687f02d83934cefcaec626567291725793e7c82c531b0467c2f1ed6b03213cb0e906be81f999ae823fc1cc57e29e66d26686eddd3fa2dd02c709f8de48b473eb5061ec11a18106de9228ec3d13f1794c20e7f4038743895bba92b8a4417b4b4eb7315728a771af34f1b4f5bb3cf03d83e264f682ca565a7102ae414138bd6fe275dcf50c7195a23b83e6fd92c3826ee38e6859975606aa2dabb030a4ed1bb535bfbccca03a5f854871cb33c63165beab21e1ddbc563e28651648e447b025275f24e76dfd3d8a603055ffae5e39a036ee7d5625cec965fabfa44c58baa55cee3a9ad34e78d0f43773d55bc3d82fdba8ff43c6f37a27d713a9e37e2b10298d3f61eaf795c95d89988f52a4a47117b3583cc8da697cf13a3ad3d5ef9c9fa28736c32b1ae7640dfdc1781e4afd2f1da0e6620664958b1c39cb5f741d79a50de99531bf652d9a63d8e1f73e569aa93b9fa1c3707862c030d0c73fa9a809e07a0298e7d30ca3af9dac4062c32b684073da332a004e88a796467d399aeab34c70ee16545f86e4012fc60c24c5ff66e0062d028c700413ecf096c9c32c5878f3701c8b02537622d690f9bdf6db3cae9f0fa39406120101ba6ef5a5b43c851d085da7ad231943e6c322cb2b45a2d4730f046f9b0484b04cf1936997eafd0c569574854f8c7b7a39ea16e80aa3965a7f6795b604bc83f65a60e099d2fceef1a75aa8b4b7fcb9019cbbb66a3f5ebf63ea3db7c74ce708bc84db6b1cb17d7eebb0b78eaa588be28500722563ff0ac03afc05720a9c4aed0bcab76f5472ef09e87c33cadf4693c3ae676682d898d7efa39a29cb7204aa35c9280f91e9fa00727891a08a7ef264636fa1dafa1058f2f13c66c35db5303781cadb0b7e0276e1c9728a1835a726128adf989b23078a5273a1bfef35906d70f3675fbb92a0a7bd5a1ba74603f7034360e40c92362c554ec33ee775cc642a207a6a480371111663d431f8c6649dd3fa3300d4ea9970f9467a441190ebe7f7e6e2285ebc7b6be23fd6b7e2f90eee5108b91d3eff465780acb9c11a97e5956eaf35c3c9be4e7337ce659a54c5c9429077dbe0bf388dd6d1f4000000054ded7ea4e5f2a3b4fb71cbd67475a68a2c7465ec0e630ac783aed245689ef54ad0c481c11f3e1216f78ea0eb12b4fb4ecadfdbd6793372f80473c20cabe4cf8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0ca2db1dea5d701	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d327e8bcedb2d4b986abc323ea826ca0000000002000000000010660000000100002000000082992a445ab91ecf2c683c1e72fdf572e9b75e6a947d47326ee96659b6ebfd76000000000e80000000020000200000006bd827f76ef3cb91303f850f0abc00c0c8b2631fdbeae5d6ac24c15d66f9efc990000000003db7682a74dd41884830718a40eedf0269009aac42684af0a41e29a77edcb152ea806351cb1417c288463362613bb317847cf2bcbfa72f6cd121f8a6f9f370c33611b3a6312d8de0dcd8f1d448427147fca9910ed0b40910f9f6e9f5aed6edd590130269b1464f758875118af8a594659c830287215ed7d3bf9c73f4e4465bd2a05a24ab40dfe349212047c8bad7644000000000087522028d919bd2ac3217d4afd8ee39396fb7382fb4dedeb82db1c1b4917cb306292a0a2b8b09d6b9e3fa29badbc24e06ba495f54cb7f17c0c03c7f0efb65	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1892 iexplore.exe

Suspicious use of SetWindowsHookEx 22 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid	process
1892	iexplore.exe
1892	iexplore.exe
908	IEXPLORE.EXE
908	IEXPLORE.EXE
908	IEXPLORE.EXE
908	IEXPLORE.EXE
1600	IEXPLORE.EXE
1600	IEXPLORE.EXE
1600	IEXPLORE.EXE
1600	IEXPLORE.EXE
268	IEXPLORE.EXE
268	IEXPLORE.EXE
268	IEXPLORE.EXE
268	IEXPLORE.EXE
828	IEXPLORE.EXE
828	IEXPLORE.EXE
828	IEXPLORE.EXE
828	IEXPLORE.EXE
860	IEXPLORE.EXE
860	IEXPLORE.EXE
860	IEXPLORE.EXE
860	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1892 wrote to memory of 908	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 908	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 908	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 908	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 1600	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 1600	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 1600	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 1600	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 268	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 268	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 268	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 268	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 828	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 828	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 828	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 828	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 860	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 860	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 860	1892	iexplore.exe	IEXPLORE.EXE
PID 1892 wrote to memory of 860	1892	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://ankltrafficexit.xyz/trafficexit
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1892

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:908

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:340994 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:603143 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:268

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:472087 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:828

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1892 CREDAT:406568 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:860

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
MD5
9fbef1befa446025ce0864c95d4f584c

SHA1
ca58e6d79aaf4a03d74e2072204e9962df5e07c9

SHA256
9f5b2ee1e26938a330c45ceb3c2939fb9177a433ada5353f75baa8314b4414cc

SHA512
61747c0177e696d488de8e9b74a2758f5d4b40730239c7aa723b0846a03b94dbd45c3b6180158f2344c56b690ed9cebcb1dbc9674ba6952c444fb60825aff6b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6V0SSI7A\D04BXUJR.htm
MD5
c28b7434ea002351d04095608c7e8e9b

SHA1
1c54e6d71c2c1b2ad7f67d369696c1ce702dd544

SHA256
5d1b51cdfcf5a97a8f90dc001c21d28753c955188f57c5391fb8acfb4c7d8824

SHA512
e467c0f136ef4bd0c1d3e3a1043b180fdd23bd169ee8c081a7eacc9354e64c164665fc5553ae83e95e1d9d99da1dc6c33ece90b4037ed100830b3b3dca760962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6V0SSI7A\WHR6I6TR.htm
MD5
0b538adb2251becea5d351bc70b274de

SHA1
e2d7e0475183bba838b32a1f534b01e5d78b211b

SHA256
ba69238cbe2235623e8390e519b862033d309400dfb7682b25000ecdc5f8ab23

SHA512
1521835a5a00f54235ad23145c994e76955c31696a5fbc9e4b955e87066d6c88885275bef1d171cede3c08ee0f71c8f064af2f4cb46d2d63031f94dbe75da42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LX9K6CVY\CAJYIG4V.htm
MD5
155f3a61e984e9564080b94a5de87bf5

SHA1
e636ae9f63115215279babb0c36877e6978c91b1

SHA256
0d514a1bf15ab5b4124cfa4c3a7691ce630494d02e34c923c3e1feae0560dd71

SHA512
d6404e413a36dfb87f459adf48453a15e86062f354e38a22d148b1269d11d9a604d9f490cb774a40766dd27432d5027960f93c26bd20afd977a50b17ca2ef10e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NYLJW3Z2.txt
MD5
7f9bb2ae3193376b1d33e8d326e0a622

SHA1
2ba0117635a796dda5059945b97dd4fd707b8d9b

SHA256
7f8be38423221e4a555cbefe9715a1dca5e6245d8f52f3573eaa7cd6bd7f8b77

SHA512
faafcff0baef47868b78ebc6cde366c651bbc2c93e1be074aabc0e18fde243fff9993bb07f6a49d27d0382a9c3eed61228e822ba4c1d02fd16a58c29abd8fda2

Download Submit
memory/268-56-0x0000000000000000-mapping.dmp

Download
memory/268-57-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download
memory/828-59-0x0000000000000000-mapping.dmp

Download
memory/860-62-0x0000000000000000-mapping.dmp

Download
memory/860-64-0x0000000000DE0000-0x0000000000DE2000-memory.dmp

Filesize
8KB

Download
memory/908-53-0x0000000000000000-mapping.dmp

Download
memory/1600-54-0x0000000000000000-mapping.dmp

Download